tap0901.sys

TAP-Win32 Virtual Network Driver

Faceless LLC

The file tap0901.sys by Faceless has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel mode device driver named “TAP-Win32 Adapter V9”.

Publisher:
The OpenVPN Project (signed by Faceless LLC)

Product:
TAP-Win32 Virtual Network Driver

Version:
2.2-RC2 9/8 built by: WinDDK

MD5:
ada02a9cbda2b69a9bd76ab1bb751083

SHA-1:
898d281151720fb62cbbe0e0aca8712d9fc5e363

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:09:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.6.27.22

File size:
31 KB (31,728 bytes)

Product version:
2.2-RC2 9/8

Copyright:
OpenVPN Technologies, Inc.

Original file name:
tap0901.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\tap0901.sys

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/17/2011 9:00:00 PM

Valid to:
10/17/2014 8:59:59 PM

Subject:
CN=Faceless LLC, O=Faceless LLC, POBox=3347, STREET=P.O.3347, L=Road Town, S=Tortola/Drake Chambers, PostalCode=3347, C=VG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1347C79856F3DDCC4DA410F8040463FD

File PE Metadata
Compilation timestamp:
3/24/2011 5:20:11 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:BgM8adJkQLXLy4VZGDN+7rIAAPSi+VVsrNSztKVREmsRIVqttzhzPvZ6i/03rWDF:BtfwM7GPSi+VVqWeaTtpZt/4rWDfKhva

Entry address:
0x815F

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, A1, FE, FF, FF, CC, 18, 82, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 83, 00, 00, 58, 60, 00, 00, C0, 81, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 84, 00, 00, 00, 60, 00, 00, D0, 81, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FE, 85, 00, 00, 10, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2E, 84, 00, 00, 1A, 84, 00, 00, 06, 84, 00, 00, 00, 00, 00, 00, CE, 85, 00, 00, B6, 85, 00, 00, 98, 85, 00, 00, 80, 85, 00...
 

Code size:
21.5 KB (22,016 bytes)

Driver
Display name:
TAP-Win32 Adapter V9

Service name:
tap0901

Type:
Kernel device driver (KernelDriver)

Group:
NDIS

