SHA256: afe653d7a673af7863f00e344a7055f5bd53c78ce5344e286cbcbf63b3443440
File name: avgntflt.sys
Detection ratio: 0 / 67
Analysis date: 2017-11-08 21:48:47 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware 20171108
AegisLab 20171108
AhnLab-V3 20171108
Alibaba 20170911
ALYac 20171108
Antiy-AVL 20171103
Arcabit 20171108
Avast 20171108
Avast-Mobile 20171108
AVG 20171108
Avira (no cloud) 20171108
AVware 20171108
Baidu 20171108
BitDefender 20171108
Bkav 20171108
CAT-QuickHeal 20171108
ClamAV 20171108
CMC 20171104
Comodo 20171108
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171108
Cyren 20171108
DrWeb 20171108
eGambit 20171108
Emsisoft 20171108
Endgame 20171024
ESET-NOD32 20171108
F-Prot 20171108
F-Secure 20171108
Fortinet 20171108
GData 20171108
Ikarus 20171108
Sophos ML 20170914
Jiangmin 20171108
K7AntiVirus 20171108
K7GW 20171108
Kaspersky 20171108
Kingsoft 20171108
Malwarebytes 20171108
MAX 20171108
McAfee 20171108
McAfee-GW-Edition 20171108
Microsoft 20171108
eScan 20171108
NANO-Antivirus 20171108
nProtect 20171108
Palo Alto Networks (Known Signatures) 20171108
Panda 20171108
Qihoo-360 20171108
Rising 20171108
SentinelOne (Static ML) 20171019
Sophos AV 20171108
SUPERAntiSpyware 20171108
Symantec 20171108
Symantec Mobile Insight 20171107
Tencent 20171108
TheHacker 20171102
TotalDefense 20171108
TrendMicro 20171108
TrendMicro-HouseCall 20171108
Trustlook 20171108
VBA32 20171108
VIPRE 20171108
ViRobot 20171108
Webroot 20171108
Yandex 20171108
Zillya 20171108
ZoneAlarm by Check Point 20171108
Zoner 20171108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.

Product Avira Professional Security
Original name avgntflt.sys
Internal name avgntflt.sys
File version 13.05.01.10
Description Avira Minifilter Driver
Comments Avira Minifilter Driver - fre_win7_x86
Signature verification Signed file, verified signature
Signing date 7:09 PM 2/26/2013
Signers
[+] Avira Operations GmbH & Co. KG
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/20/2011
Valid to 12:59 AM 7/20/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 579E1917CA0EDFEDE3642646A474C28C1E8B48B1
Serial number 54 97 1F F2 38 D2 B8 66 F2 7F C3 FE 6C 9A D5 77
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 17:03:36
Entry Point 0x00016208
Number of sections 8
PE sections
Overlays
MD5 aa93932062359332ea7af29ffa70b09d
File type data
Offset 74752
Size 9992
Entropy 7.40
PE imports
FltParseFileNameInformation
FltCreateFile
FltGetVolumeProperties
FltClose
FltCancelFileOpen
FltBuildDefaultSecurityDescriptor
FltGetDiskDeviceObject
FltAllocateContext
FltGetDestinationFileNameInformation
FltRegisterFilter
FltGetFileNameInformation
FltGetStreamHandleContext
FltObjectDereference
FltUnregisterFilter
FltCloseCommunicationPort
FltCloseClientPort
FltSetInstanceContext
FltStartFiltering
FltObjectReference
FltReferenceFileNameInformation
FltSetStreamHandleContext
FltGetInstanceContext
FltGetRoutineAddress
FltReleaseContext
FltCreateCommunicationPort
FltSendMessage
FltDoCompletionProcessingWhenSafe
FltFreeSecurityDescriptor
FltReferenceContext
FltDeleteContext
FltReleaseFileNameInformation
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
ZwOpenKey
ExDeleteResourceLite
_allmul
RtlAppendUnicodeStringToString
RtlCreateSecurityDescriptor
ZwCreateKey
_snwprintf
ExInitializePagedLookasideList
IoWriteErrorLogEntry
IoIsWdmVersionAvailable
ZwWriteFile
SeExports
KeTickCount
KeNumberProcessors
ExInitializeResourceLite
InterlockedPopEntrySList
RtlAddAccessAllowedAce
PsTerminateSystemThread
IoDeleteSymbolicLink
KeSetEvent
RtlNtStatusToDosError
ObReferenceObjectByHandle
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
MmGetSystemRoutineAddress
memcpy
SeQueryInformationToken
memmove
ObOpenObjectByPointer
InterlockedPushEntrySList
IoThreadToProcess
RtlLengthSecurityDescriptor
IoCreateSymbolicLink
ExAcquireResourceSharedLite
RtlInitializeGenericTableAvl
ZwReadFile
RtlGetSaclSecurityDescriptor
IoGetDeviceObjectPointer
memset
_wcsnicmp
ZwQuerySymbolicLinkObject
SeCaptureSecurityDescriptor
ExReleaseResourceLite
RtlEnumerateGenericTableWithoutSplayingAvl
IoCreateDevice
IoGetStackLimits
IoDeleteDevice
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
RtlInsertElementGenericTableAvl
RtlGetVersion
KeResetEvent
KeEnterCriticalRegion
RtlSetDaclSecurityDescriptor
PsCreateSystemThread
IoDeviceObjectType
ZwSetSecurityObject
ZwSetValueKey
RtlCompareMemory
KeQuerySystemTime
RtlInitUnicodeString
_wcsupr
KeInitializeEvent
MmMapLockedPagesSpecifyCache
RtlDeleteElementGenericTableAvl
toupper
RtlUnwind
strncpy
RtlUpcaseUnicodeChar
ExDeletePagedLookasideList
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
wcsncat
KeClearEvent
ExAllocatePoolWithTag
RtlUpcaseUnicodeString
KeGetCurrentThread
RtlAnsiStringToUnicodeString
PsDereferenceImpersonationToken
RtlGetDaclSecurityDescriptor
wcschr
KeWaitForSingleObject
ExAcquireResourceExclusiveLite
RtlCompareUnicodeString
RtlLengthSid
PsGetCurrentThreadId
IoFileObjectType
IoAllocateErrorLogEntry
RtlInitAnsiString
KeQueryTimeIncrement
PsGetProcessId
ObfDereferenceObject
PsDereferencePrimaryToken
SeTokenType
RtlValidSid
PsRevertToSelf
ZwQueryInformationFile
RtlCopyUnicodeString
SeImpersonateClientEx
RtlAbsoluteToSelfRelativeSD
IoGetTopLevelIrp
RtlPrefixUnicodeString
PsThreadType
SeCreateClientSecurity
RtlGetOwnerSecurityDescriptor
IofCompleteRequest
KeLeaveCriticalRegion
ZwQueryValueKey
IoIsSystemThread
ExFreePoolWithTag
RtlGetGroupSecurityDescriptor
ZwSetInformationFile
ZwOpenSymbolicLinkObject
IoGetAttachedDeviceReference
IoCreateSynchronizationEvent
PsGetCurrentProcessId
KeBugCheckEx
KeDelayExecutionThread
IofCallDriver
ZwClose
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
AntiVir is a registered trademark of Avira GmbH, Germany

SubsystemVersion
6.1

Comments
Avira Minifilter Driver - fre_win7_x86

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
7

FileVersionNumber
13.5.1.10

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Avira Minifilter Driver

CharacterSet
Unicode

InitializedDataSize
25088

EntryPoint
0x16208

OriginalFileName
avgntflt.sys

MIMEType
application/octet-stream

LegalCopyright
Copyright 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.

FileVersion
13.05.01.10

TimeStamp
2013:02:26 18:03:36+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
avgntflt.sys

ProductVersion
13.05.01.10

UninitializedDataSize
0

OSVersion
6.1

FileOS
Windows NT

Subsystem
Native

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

CodeSize
62464

ProductName
Avira Professional Security

ProductVersionNumber
13.5.1.10

FileTypeExtension
exe

ObjectFileType
Driver

Compressed bundles
File identification
MD5 87425709a251386064c99b684bf96f72
SHA1 709cea0ac7d9495a8d21473e8ae643367c0cf929
SHA256 afe653d7a673af7863f00e344a7055f5bd53c78ce5344e286cbcbf63b3443440
ssdeep
768:IEdwUOCHkgTgoWRRhC3zstsRoa0ue8imP9FD+wBLUwX0I4bPKkpnt9FLrBWgTVaz:rdDOCAZgDnRoKiu9FD+iBoTd5TVlDDu

authentihash 4dfb8b457127d67344d042d764861acf301aaec22fff9d69c9cfb3a1ec46ac84
imphash 5cbd5f247baa50a1f65acab8657a927b
File size 82.8 KB ( 84744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe native signed overlay

VirusTotal metadata
First submission 2013-03-27 09:39:40 UTC ( 6 years ago )
Last submission 2014-08-02 23:26:26 UTC ( 4 years, 7 months ago )
File names avgntflt.sys
vt-upload-UnYITo
file-5779834_sys