drv.sys

The file drv.sys has been detected as malware by 11 anti-virus scanners. It runs as a Windows kernel mode device driver named “Driver for One Device”.
MD5:
5e4c6413f954c9bf823b2268abac5cd2

SHA-1:
d18b1f27261c7de8cd6606aeac521eea6fbb5362

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/30/2024 2:52:54 PM UTC

Scan engine           Detection                        Engine version
Avira AntiVirus       Rkit/Agent.bfwm                  8.2.1.242
Emsisoft A-Squared    Rootkit.Win32.Small!IK           4.5.0.50
avast!                Win32:KillAV-OP                  2014.9-170306
AVG                   KillKAV.D                        2018.0.2447
ESET NOD32            Win32/AutoRun.AntiAV (variant)   11.5130
G Data                Win32:KillAV-OP                  17.3.21
IKARUS anti.virus     Rootkit.Win32.Small              t3scan.1.1.84.0
Panda Antivirus       Trj/Downloader.MDW               17.03.06.02
Prevx                 Medium Risk Malware              3.0
Quick Heal            Rootkit.Agent.bfwk               3.17.10.00
Rising Antivirus      RootKit.Win32.Mnless.bqi         23.00.65.17304

File size:
3.6 KB (3,712 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\drv.sys

File PE Metadata
Compilation timestamp:
5/14/2010 7:39:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.0

Entry address:
0x7CA

Entry point:
55, 8B, EC, 83, EC, 10, 56, 8B, 75, 08, 57, 8B, 3D, 40, 09, 01, 00, B8, E8, 04, 01, 00, 89, 46, 38, 89, 46, 40, 68, BA, 06, 01, 00, 8D, 45, F8, 50, C7, 46, 70, E1, 05, 01, 00, C7, 46, 34, 87, 04, 01, 00, FF, D7, 68, D6, 06, 01, 00, E8, 73, 00, 00, 00, C7, 04, 24, 0A, 07, 01, 00, E8, 67, 00, 00, 00, 59, 8D, 45, 08, 50, 6A, 00, 6A, 00, 6A, 22, 8D, 45, F8, 50, 6A, 00, 56, FF, 15, 3C, 09, 01, 00, 85, C0, 7C, 45, 68, 42, 07, 01, 00, E8, 41, 00, 00, 00, 8D, 45, F0, C7, 04, 24, 72, 07, 01, 00, 50, FF, D7, 8D, 45...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.1 KB (2,176 bytes)

Driver
Display name:
Driver for One Device

Service name:
One

Type:
Kernel device driver (KernelDriver)

Group:
Extended Base

