» VBoxNetFlt.sys
Overview
Analysis
File Details
Behaviors (1)

VBoxNetFlt.sys

VMLite Workstation

Remotesoft, Inc.

It runs as a Windows 64-bit kernel mode device driver named “VBoxNetFlt Service”.

File name:

VBoxNetFlt.sys

Publisher:

VMLite, Inc. (signed by Remotesoft, Inc.)

Product:

VMLite Workstation

Description:

VMLite Bridged Networking Driver

Version:

3.1.0.r24560

MD5:

196e287a5158875dc44a8c649e4d69d8

SHA-1:

f9bc65d8f45ef0e99796a9068c7cec89d7004293

SHA-256:

ca8f39a16600e1c70213cb57f72b15e0d157f2f6546a300a730455534f36f9bb

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 4:46:15 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.XPACK.Gen3

7.11.30.172

File size:

163.7 KB (167,640 bytes)

Product version:

3.1.0.r24560

Original file name:

VBoxNetFlt.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\vboxnetflt.sys

Digital Signature

Signed by:

Remotesoft, Inc.

Authority:

GlobalSign nv-sa

Valid from:

7/14/2009 3:31:07 AM

Valid to:

7/15/2010 3:31:06 AM

Subject:

CN="Remotesoft, Inc.", O="Remotesoft, Inc.", L=Fremont, S=CA, C=US

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012275C00CFD

File PE Metadata

Compilation timestamp:

11/12/2009 2:34:00 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

3072:gC3cTeXEiGXqcmFGjzHzGuEvr5ob4DxDpDss4TlavS2:PGxT3Gxok1Dz4Tlw

Entry address:

0x61F0

Entry point:

48, 89, 6C, 24, 10, 48, 89, 74, 24, 20, 57, 48, 83, EC, 70, 48, 8B, F1, 33, ED, 33, C9, 48, 89, 2D, 73, C2, 01, 00, 48, 8B, FA, E8, FB, 70, 00, 00, 85, C0, 78, 29, 48, 8D, 0D, F0, 93, 01, 00, 33, D2, 41, B8, 88, 00, 00, 00, E8, 03, 4C, 00, 00, 48, 8D, 0D, DC, 93, 01, 00, E8, 97, B0, FF, FF, 85, C0, 79, 1C, E8, 5E, 71, 00, 00, B8, 01, 00, 00, C0, 4C, 8D, 5C, 24, 70, 49, 8B, 6B, 18, 49, 8B, 73, 28, 49, 8B, E3, 5F, C3, 48, 8B, D7, 48, 8B, CE, 48, 89, 9C, 24, 80, 00, 00, 00, E8, B4, 3F, 00, 00, 85, C0, 8B, D8... 
[+]

Entropy:

6.1372

Code size:

105.8 KB (108,352 bytes)

Driver

Display name:

VBoxNetFlt Service

Service name:

VBoxNetFlt

Type:

Kernel device driver (KernelDriver)

Group:

PNP_TDI

Scan VBoxNetFlt.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.