» StrongholdAntivirusFirewall.sys
Overview
Analysis
File Details
Behaviors (1)

StrongholdAntivirusFirewall.sys

Stronghold Antivirus Firewall

Security Stronghold LLC

The file StrongholdAntivirusFirewall.sys by Security Stronghold has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel mode device driver named “Stronghold Antivirus Firewall”.

File name:

Publisher:

Security Stronghold (signed by Security Stronghold LLC)

Product:

Stronghold Antivirus Firewall

Version:

1.0 built by: WinDDK

MD5:

33fabb493086ac6e22832290b60a5503

SHA-1:

690c8c4f2d88be3056fa0fdd9433ca544e4834e2

SHA-256:

21243614f6f8983ecc8495a57f55fade2266f0365f16edbfedc9b449851b2864

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:01:41 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic.SecurityStronghold.Meta

15.7.5.8

File size:

30.9 KB (31,656 bytes)

Product version:

1.0

Original file name:

StrongholdAntivirusFirewall.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\stronghold antivirus\strongholdantivirusfirewall.sys

Digital Signature

Signed by:

Security Stronghold LLC

Authority:

GlobalSign nv-sa

Valid from:

10/14/2013 6:55:31 PM

Valid to:

12/11/2014 11:49:56 AM

Subject:

E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121ACD1A0DCFFA94069288588DCC5FFCF18

File PE Metadata

Compilation timestamp:

9/8/2013 4:12:01 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:fJLq1727UlXnJUoANeByRQXs4Y1GbIS22DJ5e:fJ4HYNecdYBte

Entry address:

0x803E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 48, AE, FF, FF, CC, CC, D4, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 83, 00, 00, 34, 60, 00, 00, A0, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A2, 83, 00, 00, 00, 60, 00, 00, A8, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8E, 84, 00, 00, 08, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8E, 83, 00, 00, 00, 00, 00, 00, 44, 84, 00, 00, 2C, 84, 00, 00, 18, 84, 00, 00, 56, 84, 00, 00, EE, 83, 00, 00, D4, 83... 
[+]

Code size:

19 KB (19,456 bytes)

Driver

Display name:

Stronghold Antivirus Firewall

Service name:

DriverSAFirewall

Type:

Kernel device driver (KernelDriver)

Remove StrongholdAntivirusFirewall.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.