» sdactmon.sys
Overview
Analysis
File Details
Behaviors (1)

sdactmon.sys

Max Secure Software SDActMon

Max Secure Software India Pvt. Ltd.

The file sdactmon.sys, “Max Secure Software Active Monitor Driver” by Max Secure Software India Pvt has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows file system device driver named “SDActMon”.

File name:

sdactmon.sys

Publisher:

Max Secure Software (signed by Max Secure Software India Pvt. Ltd.)

Product:

Max Secure Software SDActMon

Description:

Max Secure Software Active Monitor Driver

Version:

2, 0, 1, 1

MD5:

31107d80c50adc75da784d2def09da17

SHA-1:

9901f64ff7bced7d6978e72804dbef8fcb711d44

SHA-256:

81d6b60d22a0e2d2e521be726c593f088e0644fd051d652824529b568d97ab30

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 2:16:12 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.MaxSecure.Optional.Meta (L)

16.2.14.4

File size:

120.5 KB (123,360 bytes)

Product version:

19, 0, 2, 1

Trademarks:

Max Secure Software

Original file name:

SDActMon

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\sdactmon.sys

Digital Signature

Signed by:

Max Secure Software India Pvt. Ltd.

Authority:

GlobalSign nv-sa

Valid from:

4/3/2012 3:30:08 AM

Valid to:

7/24/2014 12:27:41 PM

Subject:

E=tech@maxpcsecure.com, CN=Max Secure Software India Pvt. Ltd., O=Max Secure Software India Pvt. Ltd., L=pune, S=MH, C=IN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216A69882C6D7835A9F4F1D6DCB7AC9C32

File PE Metadata

Compilation timestamp:

4/5/2013 9:01:27 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:0e2KXoof/vvfvf/vvf3L7/skPPv/nH/vPvfPvMff/f/PaxzYGfSeVZjUY4ja3HI:92ABfhVxV4jaY

Entry address:

0x1D261

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 95, FD, FF, FF, CC, CC, CC, 64, D3, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9E, D8, 01, 00, A0, 50, 00, 00, 44, D3, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3C, D9, 01, 00, 80, 50, 00, 00, C4, D2, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 54, DC, 01, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, DC, 01, 00, 1C, DC, 01, 00, FE, DB, 01, 00, E2, DB, 01, 00, CE, DB, 01, 00, B4, DB, 01, 00, A0, DB, 01, 00, 84... 
[+]

Entropy:

5.1928

Code size:

30.5 KB (31,232 bytes)

Driver

Display name:

SDActMon

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Anti-Virus

Depends on:

FltMgr

Remove sdactmon.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.