» mwiynzm4ndy1yjz.sys
Overview
Analysis
File Details
Behaviors (1)

mwiynzm4ndy1yjz.sys

Windows Win 7 DDK driver

IMedia Holdings Ltd.

The file mwiynzm4ndy1yjz.sys, “NetFilter SDK WFP Driver (WPP)” by IMedia Holdings has been detected as adware by 13 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “mwiynzm4ndy1yjz”.

File name:

mwiynzm4ndy1yjz.sys

Publisher:

Windows (R) Win 7 DDK provider (signed by IMedia Holdings Ltd.)

Product:

Windows (R) Win 7 DDK driver

Description:

NetFilter SDK WFP Driver (WPP)

Version:

1.4.5.8

MD5:

945841455c4b5d5d49e934bb3348e0c0

SHA-1:

693a5921173d9695d51fa0df09cd42191f7a686b

SHA-256:

913e81f6687f227c9386abdd3c9b5d69e93870c80f12906045c3fc957a2fa695

Scanner detections:

13 / 68

Status:

Adware

Analysis date:

4/24/2024 2:04:31 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

avast!

Win32:GenMaliciousA-QOX [Adw]

2014.9-150830

AVG

Generic

2016.0.3001

Bkav FE

W64.HfsAdware

1.3.0.6379

Dr.Web

Adware.Salus.7

9.0.1.0242

ESET NOD32

Win64/NetFilter.A potentially unsafe (variant)

9.11384

Fortinet FortiGate

Adware/NetFilter

8/30/2015

Malwarebytes

PUP.Optional.Imedia.SID

v2015.08.30.08

McAfee

Artemis!945841455C4B

5600.6657

NANO AntiVirus

Riskware.Win64.Salus.dpnnmw

0.30.8.659

Reason Heuristics

PUP.iMedia.IMediaHoldings (M)

15.8.30.20

Trend Micro House Call

Suspicious_GEN.F47V0313

7.2.242

VIPRE Antivirus

Trojan.Win32.Generic

38816

File size:

53.4 KB (54,664 bytes)

Product version:

6.2.9200.16384

Original file name:

netfilter2.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys

Digital Signature

Signed by:

IMedia Holdings Ltd.

Authority:

COMODO CA Limited

Valid from:

1/19/2015 3:00:00 AM

Valid to:

1/20/2016 2:59:59 AM

Subject:

CN=IMedia Holdings Ltd., O=IMedia Holdings Ltd., STREET=63 Hoi Yuen Road Kwun Tong, L="Kwun Tong, Kowloon", S=Kowloon, PostalCode=000000, C=HK

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

195D67AB1498A113C8A2DA8962CB7B16

File PE Metadata

Compilation timestamp:

12/2/2014 11:24:13 AM

OS version:

6.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:9une08Koz2RJQnrUiL93+df7kAWvnoLxhzuKdRR0D6jTgLvaWGYllzc1DMV32riO:pyYb9udFWvnUt7RHgDaWGYKMV32riO

Entry address:

0x8E20

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, D3, 41, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 0A, DD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 99, 22, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 08, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, B9, 02, 00, 00, 00, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, CC, B9, 08, 00, 00, 00, CD, 29, CC... 
[+]

Entropy:

6.2735

Code size:

37 KB (37,888 bytes)

Driver

Display name:

mwiynzm4ndy1yjz

Type:

Kernel device driver (KernelDriver)

Group:

PNP_TDI

Remove mwiynzm4ndy1yjz.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.