home

renvrd64.pro

NetFBup Filter

Internet Rimon

Publisher:
B-Up Systems Ltd.  (signed by Internet Rimon)

Product:
NetFBup Filter

Description:
NetFBup Hook Driver (WPP)

Version:
1.3.8.5 built by: WinDDK

MD5:
5cbd01b3f711f02ee02e7ed4969ec654

SHA-1:
92ce0ea8e3309ecb40b1230d4c492d476b1e6c29

SHA-256:
4561f00babf6b1f1a1004b8e49a77d7bf9e91e8bc6a97d1224b4854aa4aeca2f

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/19/2024 10:09:45 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

ESET NOD32
Win64/NetFilter.A potentially unsafe (variant)
9.12228

File size:
56.2 KB (57,528 bytes)

Product version:
1.3.8.5

Copyright:
Copyright © 2010 B-Up Systems Ltd.

Original file name:
netfbup.sys

Common path:
C:\users\{user}\appdata\local\temp\renvrd64.pro

Digital Signature
Signed by:
Internet Rimon

Authority:
GlobalSign nv-sa

Valid from:
2/15/2011 9:43:52 AM

Valid to:
2/15/2014 9:43:48 AM

Subject:
E=mr@neto.net.il, CN=Internet Rimon, O=Internet Rimon, L=Givat Shmuel, S=israel, C=IL

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012E2875942D

File PE Metadata
Compilation timestamp:
1/27/2011 9:36:23 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:qpcvTKVbZnA9sRmXkHMz0OvtdiNC+Nidc2:qGvTKVtnAUjHMzJvtdijO

Entry address:
0x10064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 1A, A7, FF, FF, CC, CC, D0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 92, 04, 01, 00, 10, C0, 00, 00, C0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 00, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 04, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 02, 01, 00, 00, 00, 00, 00, 22, 02, 01, 00, 00, 00, 00, 00, 36, 02, 01, 00...
 
[+]

Entropy:
6.3690

Code size:
42 KB (43,008 bytes)

Scan renvrd64.pro - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.