59b811a7.sys

Internet Widgits Pty Ltd

The file 59b811a7.sys by Internet Widgits Pty has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Internet Widgits Pty Ltd  (signed and verified)

MD5:
361c616302fdce52c84874635724fc1a

SHA-1:
9fb6e9fda53ad71f3cef7a81e1b65900f210067d

SHA-256:
9ef7da52e7fe7e66fd83b1ec5e75b7a22cc8bde94cab12de68d52b80aea79c31

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 5:15:11 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Internet (M)
16.3.14.3

File size:
85.3 KB (87,336 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\59b811a7.sys

Digital Signature
Authority:
Internet Widgits Pty Ltd

Valid from:
5/2/2013 5:41:20 PM

Valid to:
4/27/2033 5:41:20 PM

Subject:
O=Internet Widgits Pty Ltd, S=Some-State, C=XX

Issuer:
O=Internet Widgits Pty Ltd, S=Some-State, C=XX

Serial number:
00B843F49C287B0E03

File PE Metadata
Compilation timestamp:
8/5/2014 2:33:05 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:5na3729AXuJKWwHRHnnPou6mSokwxjioqoJzk4aIMUf3DRP+pwT1M:BAMKdPoiRjisBdMI3DRP+pv

Entry address:
0x1E00

Entry point:
48, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 53, 57, 48, 81, EC, 58, 02, 00, 00, 48, 8B, 84, 24, 70, 02, 00, 00, 48, 89, 05, 2E, 40, 01, 00, 48, 8B, 84, 24, 78, 02, 00, 00, 48, 89, 05, 27, 40, 01, 00, 8B, BC, 24, 30, 02, 00, 00, C1, E7, B5, 44, 0F, B7, 84, 24, 8C, 00, 00, 00, 8B, 84, 24, 04, 01, 00, 00, 48, 03, 84, 24, D0, 01, 00, 00, 0F, B6, C8, 41, D3, E0, 44, 23, 84, 24, 88, 00, 00, 00, 0F, B7, 94, 24, E4, 00, 00, 00, 03, 94, 24, E0, 00, 00, 00, 8B, 84, 24, E0, 00, 00, 00, 0F, B6, C8, 8B, C2, D3, E8, 8B, C8...
 
[+]

Entropy:
6.5546

Code size:
22 KB (22,528 bytes)

Remove 59b811a7.sys - Powered by Reason Core Security