SHA256: 2bd5e13b8ae292b1373dd747d9e84b7a1ff596ea81e4eb8d419ddbb8a5d87659
File name: mfeapfk.sys
Detection ratio: 0 / 67
Analysis date: 2018-11-06 17:52:58 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181106
Antiy-AVL 20181106
Arcabit 20181106
Avast 20181106
Avast-Mobile 20181106
AVG 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
Bkav 20181106
CAT-QuickHeal 20181105
ClamAV 20181106
CMC 20181106
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181106
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
Endgame 20180730
ESET-NOD32 20181106
F-Prot 20181106
F-Secure 20181106
Fortinet 20181106
GData 20181106
Ikarus 20181106
Sophos ML 20180717
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kaspersky 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
McAfee 20181106
McAfee-GW-Edition 20181106
Microsoft 20181106
eScan 20181106
NANO-Antivirus 20181106
Palo Alto Networks (Known Signatures) 20181106
Panda 20181106
Qihoo-360 20181106
Rising 20181106
SentinelOne (Static ML) 20181011
Sophos AV 20181106
SUPERAntiSpyware 20181031
Symantec 20181106
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TotalDefense 20181106
TrendMicro 20181106
TrendMicro-HouseCall 20181106
Trustlook 20181106
VBA32 20181106
ViRobot 20181106
Webroot 20181106
Yandex 20181106
Zillya 20181106
ZoneAlarm by Check Point 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 1995-2010 McAfee, Inc. All Rights Reserved.
Product SYSCORE.14.1.0.680.x86
File version SYSCORE.14.1.0.680.x86
Description Access Protection Filter Driver
Signature verification Signed file, verified signature
Signing date 10:59 PM 12/17/2010
Signers
[+] McAfee, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 9/13/2008
Valid to 12:59 AM 10/10/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 4F638B91E12390598F037E533C0AEA529AD1A371
Serial number 56 4A 36 1E 16 8A 81 A8 F3 EF AA DA 33 25 08 E1
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-17 21:24:29
Entry Point 0x0000142B
Number of sections 8
PE sections
Overlays
MD5 b68e41b9c95d2b964cf6b21b46d377b8
File type data
Offset 68896
Size 7192
Entropy 7.34
PE imports
KfReleaseSpinLock
ExReleaseFastMutex
KfAcquireSpinLock
KfLowerIrql
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel
_purecall
KeQuerySystemTime
RtlInitUnicodeString
ZwOpenKey
_wcsupr
ExDeleteResourceLite
KeInitializeEvent
PsCreateSystemThread
IoGetDeviceObjectPointer
memset
_stricmp
KeQueryTimeIncrement
towupper
RtlUnwind
DbgPrint
ExReleaseResourceLite
ExAllocatePoolWithTag
RtlUnicodeStringToAnsiString
memcpy
IoGetCurrentProcess
ExFreePool
ExGetPreviousMode
PsGetVersion
ZwQuerySystemInformation
KeClearEvent
KeGetCurrentThread
ZwQuerySymbolicLinkObject
IoDeleteSymbolicLink
wcsncpy
KeSetEvent
KeLeaveCriticalRegion
ZwQueryValueKey
ObReferenceObjectByHandle
ObfDereferenceObject
ExInitializeResourceLite
strrchr
ExFreePoolWithTag
KefReleaseSpinLockFromDpcLevel
KeNumberProcessors
KefAcquireSpinLockAtDpcLevel
KeEnterCriticalRegion
ZwOpenSymbolicLinkObject
memmove
IoCreateSymbolicLink
DbgBreakPoint
ZwOpenDirectoryObject
KeQueryTickCount
IoDeviceObjectType
ExAcquireResourceSharedLite
PsGetCurrentProcessId
ZwSetValueKey
MmIsAddressValid
KeBugCheckEx
KeWaitForSingleObject
MmSystemRangeStart
ZwWaitForSingleObject
ZwClose
ObfReferenceObject
ExAcquireResourceExclusiveLite
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 18240
ImageVersion 0.0
ProductName SYSCORE.14.1.0.680.x86
FileVersionNumber 14.1.0.680
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
PrivateBuild SYSCORE.14.1.0.680.x86 F16
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Native
FileVersion SYSCORE.14.1.0.680.x86
TimeStamp 2010:12:17 22:24:29+01:00
FileType Win32 EXE
PEType PE32
FileDescription Access Protection Filter Driver
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 1995-2010 McAfee, Inc. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName McAfee, Inc.
CodeSize 49824
FileSubtype 7
ProductVersionNumber 0.0.0.0
EntryPoint 0x142b
ObjectFileType Driver

File identification
MD5 af3baf4cded14d5fd7b8d94b78ae3f0a
SHA1 b7adc93e6e6be86f7e942764317c538d8cdf9d61
SHA256 2bd5e13b8ae292b1373dd747d9e84b7a1ff596ea81e4eb8d419ddbb8a5d87659
ssdeep 1536:QN/Dg6woROIyaL86EInZ2ZTFwKPDqlQ4RLm6wBa29:QlWoRm6EInsZTFw4mRLZwJ
authentihash 4e3ff18773911f21ed4237bc5a1e7965126b75ed52992af504f9261bb6689167
imphash 76448cfc56d88708540f986387ef97ec
File size 74.3 KB ( 76088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay signed native
VirusTotal metadata
First submission 2011-01-29 00:49:34 UTC ( 8 years, 3 months ago )
Last submission 2018-11-06 17:52:58 UTC ( 6 months, 2 weeks ago )
File names mfeapfk.sys
mfea2be.rra
sbs_ve_ambr_20150909210717.283_ 11330
C68314DD38DEB83A29920163AA1C1E00D3FAF332.sys
mfeapfk.sys
mfeapfk.sys
mfeaa9c5.rra
sbs_ve_ambr_20160020212633.593_ 164376
sbs_ve_ambr_20150926210333.926_ 1711
mfeapfk.sys
mfeaa775.rra
mfea8e3a.rra
sbs_ve_ambr_20150906210532.159_ 1797
mfea7faa.rra
sbs_ve_ambr_20151011210257.086_ 3212
mfeapfk.sys
mfea2a5a.rra
sbs_ve_ambr_20150923211209.488_ 96322
sbs_ve_ambr_20160118210311.494_ 12348
sbs_ve_ambr_20150915210252.544_ 11330
sbs_ve_ambr_20151020210212.498_ 3212
sbs_ve_ambr_20150926210332.358_ 10894
sbs_ve_ambr_20160504210201.060_ 3618
mfeapfk.sys
sbs_ve_ambr_20160218210248.899_ 5976658