» MultiKey.sys
Overview
Analysis
File Details
Behaviors (1)

MultiKey.sys

Virtual USB MultiKey

NGO

It runs as a Windows kernel mode device driver named “Virtual USB MultiKey”.

File name:

MultiKey.sys

Publisher:

Chingachguk & Denger2k (Elite & SP edition) (signed by NGO)

Product:

Virtual USB MultiKey

Version:

0.18.0.3 built by: WinDDK

MD5:

d2707d8637284c2d11a38bb3c49400eb

SHA-1:

af6353b4e69ee775548690bd82c49c9c3a36125d

SHA-256:

4718f3412acf8dc70573f430f7b4d4230675e8e7a3831e494c9715706b29cd82

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 2:59:37 AM UTC (today)

File size:

89 KB (91,136 bytes)

Product version:

0.18.0.3

Original file name:

MultiKey.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\multikey.sys

Digital Signature

Signed by:

NGO

Authority:

NGO

Valid from:

2/8/2011 6:30:57 PM

Valid to:

1/1/2040 12:59:59 AM

Subject:

CN=NGO

Issuer:

CN=NGO

Serial number:

FD62153F6145FD8D4F0C5A9CCB9673E6

File PE Metadata

Compilation timestamp:

4/15/2009 11:03:40 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

7.10

CTPH (ssdeep):

1536:GpICS4Ai4FmjLiL7dXDDOE+AajtdHJsh1SWBAIrykoMd9HglZ/fF+7l:j7hDDOE+AI0Is5BnglZ/f47l

Entry address:

0x14956

Entry point:

8B, FF, 55, 8B, EC, A1, 54, 7B, 01, 00, 85, C0, B9, 40, BB, 00, 00, 74, 04, 3B, C1, 75, 23, 8B, 15, 24, 05, 01, 00, B8, 54, 7B, 01, 00, C1, E8, 08, 33, 02, 25, FF, FF, 00, 00, A3, 54, 7B, 01, 00, 75, 07, 8B, C1, A3, 54, 7B, 01, 00, F7, D0, A3, 50, 7B, 01, 00, 5D, E9, B3, FE, FF, FF, CC, CC, CC, EC, 49, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 64, 4E, 01, 00, 90, 04, 00, 00, DC, 49, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B2, 4E, 01, 00, 80, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

82.1 KB (84,096 bytes)

Driver

Display name:

Virtual USB MultiKey

Service name:

multikey

Type:

Kernel device driver (KernelDriver)

Group:

Extended Base

Scan MultiKey.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.