» NadVnbox.sys
Overview
Analysis
File Details
Behaviors (1)

NadVnbox.sys

NadVnbox

NextepMedia, Inc.

It runs as a Windows kernel mode device driver named “NadVNBox”.

File name:

NadVnbox.sys

Publisher:

NadSoft (signed by NextepMedia, Inc.)

Product:

NadVnbox

Description:

NadSoft Drm Driver

Version:

6513, 3, 6513, 3

MD5:

7db9a58a585686fdbf25e88bf8cfc5be

SHA-1:

1f0a143e794b465ab12b174e1c61064ccc647300

SHA-256:

7a51e440474862459035cc6311e4fff67fa0e74e2a4834c6acc794e2ef1f8317

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 8:59:33 AM UTC (today)

File size:

62.2 KB (63,696 bytes)

Product version:

1.0

Original file name:

NadVnbox.sys

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\nadvnbox.sys

Digital Signature

Signed by:

NextepMedia, Inc.

Authority:

VeriSign, Inc.

Valid from:

6/18/2009 9:00:00 AM

Valid to:

6/19/2010 8:59:59 AM

Subject:

CN="NextepMedia, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NextepMedia, Inc.", L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3212A6344E5CC6F924CD0195DD5EB69A

File PE Metadata

Compilation timestamp:

12/18/2006 10:23:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

5.12

CTPH (ssdeep):

1536:S6/GX/+OViAnvXFvDrMnnPBRRGjbc/YGCw1M:S6/GX/fiIFvMnPBRRAEy

Entry address:

0xCCE2

Entry point:

55, 8B, EC, 81, EC, 80, 00, 00, 00, C7, 45, FC, 08, 00, 00, 00, C7, 05, C0, 7D, 01, 00, 05, 00, 00, 00, 83, 25, C4, 7D, 01, 00, 00, 8B, 45, 08, A3, 5C, 6D, 01, 00, 68, E0, 97, 01, 00, FF, 15, FC, 59, 01, 00, 6A, 00, 68, 50, 40, 01, 00, 68, A0, 6D, 01, 00, FF, 15, F8, 59, 01, 00, 68, A0, 97, 01, 00, FF, 15, FC, 59, 01, 00, 6A, 00, 68, C8, 41, 01, 00, 68, 80, 6D, 01, 00, FF, 15, F8, 59, 01, 00, 6A, 00, 68, B0, 40, 01, 00, E8, 6D, 8C, FF, FF, 89, 45, 88, 68, C0, CC, 01, 00, 8D, 45, D0, 50, FF, 15, F0, 59, 01... 
[+]

Entropy:

5.0664

Developed / compiled with:

Microsoft Visual C++

Code size:

27 KB (27,648 bytes)

Driver

Display name:

NadVNBox

Type:

Kernel device driver (KernelDriver)

Scan NadVnbox.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.