nethfdrv.sys

Fenix-amp LTD

The file nethfdrv.sys by Fenix-amp has been detected as a potentially unwanted program by 16 anti-malware scanners. It runs as a Windows kernel mode device driver named “nethfdrv”.
Publisher:
nethfdrv (signed by Fenix-amp LTD)

Product:
nethfdrv

Version:
1.4.3.1 built by: WinDDK

MD5:
4c722dbba6504df14f0abc6e33fec492

SHA-1:
6c144fa7161e91e5cda10b6712d242eb6c45a3c3

SHA-256:
89f794664cb08e2ad1f388725627f5e18fddd8bf128b823deac9639f97b3394b

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2024 11:16:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SwiftBrowse.L | 960 |
| AVG | Webet | 2015.0.3438 |
| Bitdefender | Adware.SwiftBrowse.L | 1.0.20.855 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.L | 8.14.06.20.04 |
| ESET NOD32 | Win32/RiskWare.NetFilter (variant) | 8.10008 |
| F-Secure | Adware.SwiftBrowse.L | 11.2014-20-06_6 |
| G Data | Adware.SwiftBrowse | 14.6.24 |
| IKARUS anti.virus | AdWare.SpadeCast | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.NetFilter | v2014.07.03.09 |
| McAfee | Artemis!2EFBEE200F8A | 5600.7094 |
| MicroWorld eScan | Adware.SwiftBrowse.L | 15.0.0.513 |
| nProtect | Adware.SwiftBrowse.L | 14.05.23.01 |
| Reason Heuristics | PUP.Fenixamp.L | 14.7.3.9 |
| Sophos | BrowseSmart | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0523 | 7.2.171 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29520 |

File size:
39.6 KB (40,528 bytes)

Product version:
1.4.3.1

Copyright:
Copyright © 2014

Original file name:
nethfdrv.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\nethfdrv.sys

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/11/2014 7:00:00 PM

Valid to:
6/12/2015 6:59:59 PM

Subject:
CN=Fenix-amp LTD, O=Fenix-amp LTD, L=Kharkiv, S=Kharkiv, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
650A038F53D475B4FE115211F7DEB228

File PE Metadata
Compilation timestamp:
6/16/2014 2:16:17 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:O5zV9N9MNq9Okh6fc5KKvIl/MIfcLEl4+TFpTq+N:O5x9NHn4c5KKwZM5gl4oN

Entry address:
0x903E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 4E, 80, FF, FF, CC, CC, 74, 91, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AE, 94, 00, 00, C0, 70, 00, 00, B4, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 95, 00, 00, 00, 70, 00, 00, EC, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 98, 00, 00, 38, 70, 00, 00, C4, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 98, 99, 00, 00, 10, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, 94, 00, 00, F0, 94, 00, 00, C8, 94...
 

Code size:
26 KB (26,624 bytes)

Driver
Display name:
nethfdrv

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

