home

nxfilter.sys

NxRay

Swiss Mobility Solutions SA

It runs as a Windows kernel mode device driver named “NxRay Filter v1.4.62.18438”.
Publisher:
Swiss Mobility Solutions  (signed by Swiss Mobility Solutions SA)

Product:
NxRay

Description:
NxRay Monitor

Version:
1.4.62.18438

MD5:
3d280d103857b4d73686ab61e03571fd

SHA-1:
e4f0183c9fb36fd9d5ba63770d2247682b978835

SHA-256:
5a4612f681faff29d502945fe3b7a6e9236cb5b171f2ebcd58682baabdfb2a4c

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 9:30:10 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Buzus
2.1.4+

File size:
36.5 KB (37,352 bytes)

Product version:
1.4.62.18438

Copyright:
Copyright (C) 2009-2012 Swiss Mobility Solutions

Original file name:
nxfilter

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\nxfilter.sys

Digital Signature
Signed by:
Swiss Mobility Solutions SA

Authority:
GlobalSign nv-sa

Valid from:
3/25/2010 8:11:26 PM

Valid to:
3/25/2012 9:11:23 PM

Subject:
CN=Swiss Mobility Solutions SA, O=Swiss Mobility Solutions SA, C=CH

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012796D7D26B

File PE Metadata
Compilation timestamp:
1/10/2012 1:43:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:51YxGoeqN474rTEq3+kG8PlSns/6cfGrHEDowH2mm00JRD0pUaYJLdspQxQZfdUF:5SdeU113+SesiVrKI4pCLQQim

Entry address:
0x6334

Entry point:
8B, FF, 55, 8B, EC, E8, C2, FF, FF, FF, 5D, E9, E4, C1, FF, FF, 80, 63, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, 64, 00, 00, 80, 41, 00, 00, 8C, 63, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4A, 69, 00, 00, 8C, 41, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 98, 64, 00, 00, 84, 64, 00, 00, 00, 00, 00, 00, B4, 64, 00, 00, CC, 64, 00, 00, EC, 64, 00, 00, 04, 65, 00, 00, 18, 65, 00, 00, 30, 65, 00, 00, 42, 65, 00, 00, 56, 65, 00, 00, 60, 65, 00, 00, 78, 65, 00, 00...
 
[+]

Entropy:
6.4264

Code size:
17.3 KB (17,664 bytes)

Driver
Display name:
NxRay Filter v1.4.62.18438

Service name:
nxfilter

Type:
Kernel device driver (KernelDriver)


Scan nxfilter.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.