nethfdrv.sys

nethfdrv

The file nethfdrv.sys has been detected as a potentially unwanted program by 23 of 68 anti-malware scanners. It runs as a Windows kernel-mode device driver named "nethfdrv", registered in the PNP_TDI load-order group used by TDI network drivers; most of the detection names below classify it as a NetFilter (network filtering driver) variant. It is bundled with adware offers by Amonetize, a pay-per-install (PPI) monetization and distribution download manager; the software offers presented are based on the PC's geo-location at the time of install.
Product:
nethfdrv

Description:
nethfdrv.sys

Version:
1.4.3.1 built by: WinDDK

MD5:
10905a5bef4eeb310800ec71bf77c3b6

SHA-1:
705cd53f249477aa2fe71271e3c8cb6f82bde03c

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:15:54 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Netfilter.2 | 885
AhnLab V3 Security | Trojan/Win32.Generic | 2014.08.26
Avira AntiVirus | TR/Zusy.xynynabi | 7.11.169.62
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140902
Baidu Antivirus | Trojan.Win32.NetFilter | 4.0.3.1492
Bitdefender | Gen:Variant.Adware.Netfilter.2 | 1.0.20.1225
Comodo Security | Application.Win32.RiskWare.NetFilter.C | 19310
Dr.Web | Tool.NetFilter.1 | 9.0.1.0245
Emsisoft Anti-Malware | Gen:Variant.Adware.Netfilter | 8.14.09.02.04
ESET NOD32 | Win32/RiskWare.NetFilter (variant) | 8.10313
F-Secure | Gen:Variant.Adware.Netfilter.2 | 11.2014-02-09_3
G Data | Gen:Variant.Adware.Netfilter | 14.9.24
IKARUS anti.virus | PUA.NetFilter | t3scan.1.7.5.0
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3312
Malwarebytes | PUP.Hacktool.NetFilter | v2014.09.02.04
McAfee | Artemis!10905A5BEF4E | 5600.7019
MicroWorld eScan | Gen:Variant.Adware.Netfilter.2 | 15.0.0.735
Qihoo 360 Security | Win32/Trojan.2d6 | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.172F9E64!388996708 | 23.00.65.14831
Sophos | Amonetize | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Zusy | 10384
Trend Micro House Call | TROJ_GEN.R08NH09HP14 | 7.2.245
VIPRE Antivirus | Amonetize | 32538

File size:
48 KB (49,152 bytes)

Product version:
1.4.3.1

Copyright:
Copyright © 2014

Original file name:
nethfdrv.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\nethfdrv.sys

File PE Metadata
Compilation timestamp:
8/24/2014 1:09:49 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:Yb7OFFEsTOgbdbsLziWaSKDVcNy/jtki/NuzBTPNGWEioeTz6kXrcR:Yb74ysTPeLmW56myPu9zNcIzPo

Entry address:
0xADBE

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 74, DD, FF, FF, CC, CC, 34, AE, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, B2, 00, 00, 94, 95, 00, 00, 20, AE, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3A, B2, 00, 00, 80, 95, 00, 00, 2C, AE, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, B2, 00, 00, 8C, 95, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 26, B2, 00, 00, 12, B2, 00, 00, 00, 00, 00, 00, 42, B2, 00, 00, 00, 00, 00, 00, 2C, AF, 00, 00, 44, AF, 00, 00, 56, AF...
The first 18 bytes (8B FF 55 8B EC E8 xx xx xx xx 5D E9 xx xx xx xx CC CC) decode to mov edi,edi / push ebp / mov ebp,esp / call rel32 / pop ebp / jmp rel32 followed by int3 padding, which is the hot-patchable entry stub a WDK build emits (initialise the stack cookie, then jump to the driver's DriverEntry) and is consistent with the "built by: WinDDK" version string. The bytes after the padding appear to be data tables rather than code.

Entropy:
6.0196

Code size:
37.5 KB (38,400 bytes)
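The header fields listed under "File PE Metadata" and the MD5/SHA-1 values earlier on this page can all be re-derived offline from a copy of the .sys file. The script below is an added example written for this page (it is not Reason Core Security's tooling and not code from the driver's author): it parses the PE32 headers with the standard library only, maps the entry-point RVA through the section table to read the entry bytes, computes Shannon entropy, and compares the file's hashes with the IOCs from the report. The hash constants and the 18 entry-point bytes are taken from the page; `build_sample_pe` constructs a synthetic minimal image carrying the same header values (so the parser can be exercised without the real sample), and the function and variable names are this example's own.

```python
"""Offline PE triage for a suspicious driver: re-derive the header fields and
hash IOCs in the report from raw file bytes (stdlib only, runs on any OS).
Added example for this page, not Reason Core Security tooling."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IOC_MD5 = "10905a5bef4eeb310800ec71bf77c3b6"   # hashes from the report
IOC_SHA1 = "705cd53f249477aa2fe71271e3c8cb6f82bde03c"
# First 18 entry-point bytes from the report: mov edi,edi / push ebp / mov ebp,esp /
# call rel32 / pop ebp / jmp rel32 / int3 int3 (hot-patchable WDK-style entry stub).
ENTRY_STUB = bytes.fromhex("8BFF558BECE8BDFFFFFF5DE974DDFFFFCCCC")
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_NATIVE = 1          # "Native (none required)" in the report
PE32_MAGIC = 0x10B


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer, 0.0 .. 8.0 (the report shows 6.0196)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Pull the fields shown under 'File PE Metadata' out of a PE32 (32-bit) image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER32
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 images handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    entry_off = None                         # map the entry RVA through the section table
    for i in range(nsect):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - va)
            break
    if entry_off is None:
        raise ValueError("entry point RVA lies outside every section")
    return {"machine": machine, "compiled": datetime.fromtimestamp(ts, tz=timezone.utc),
            "linker": f"{lnk_major}.{lnk_minor}", "os_version": f"{os_major}.{os_minor}",
            "subsystem": subsystem, "size_of_code": size_of_code, "entry_rva": entry_rva,
            "entry_bytes": data[entry_off:entry_off + 16], "entropy": shannon_entropy(data)}


def has_hotpatch_entry_stub(entry_bytes: bytes) -> bool:
    """mov edi,edi / push ebp / mov ebp,esp / call ... / pop ebp / jmp ..., as in the dump."""
    return entry_bytes[:6] == b"\x8b\xff\x55\x8b\xec\xe8" and entry_bytes[10:12] == b"\x5d\xe9"


def match_iocs(data: bytes) -> dict:
    """Compare the file's MD5 and SHA-1 with the hashes published in the report."""
    return {"md5": hashlib.md5(data).hexdigest() == IOC_MD5,
            "sha1": hashlib.sha1(data).hexdigest() == IOC_SHA1}


def build_sample_pe() -> bytes:
    """Constructed input: a minimal PE32 image carrying the report's header values.
    Synthetic, not the real nethfdrv.sys, so its hashes will not match the IOCs."""
    entry_rva, sect_va, sect_raw, sect_size = 0xADBE, 0xA000, 0x200, 0x1000
    ts = int(datetime(2014, 8, 24, 1, 9, 49, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, PE32_MAGIC, 9, 0, 38400)     # linker 9.0, code size
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<HH", opt, 40, 6, 1)                         # OS version 6.1
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_NATIVE)
    sect = struct.pack("<8sIIIIIIHHI", b".text", sect_size, sect_va, sect_size,
                       sect_raw, 0, 0, 0, 0, 0x60000020)
    image = bytearray(sect_raw + sect_size)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    image[:len(header)] = header
    off = sect_raw + (entry_rva - sect_va)
    image[off:off + len(ENTRY_STUB)] = ENTRY_STUB
    return bytes(image)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print(info, has_hotpatch_entry_stub(info["entry_bytes"]), match_iocs(blob))
```

Run it as `python pe_triage.py C:\Windows\System32\drivers\nethfdrv.sys` (copied off the host) to confirm the compile timestamp, linker 9.0, OS version 6.1, native subsystem and entry RVA 0xADBE match what the report shows, and to see whether the hashes match the published IOCs; a hash mismatch with otherwise identical metadata points at a repacked build of the same driver rather than a clean file.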

Driver
Display name:
nethfdrv

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Remove nethfdrv.sys - Powered by Reason Core Security