e6fa16a0.sys

Internet Widgits Pty Ltd

The file e6fa16a0.sys by Internet Widgits Pty has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Internet Widgits Pty Ltd  (signed and verified)

MD5:
d18ccf98770efaf3989decd3f6b6e383

SHA-1:
7684e6621f35f7f0fe414f242b9f246c35408555

SHA-256:
06b0027e6a8948c51139a75e45bbc233e4f35ee8a94065adf142f10b45eb07c3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 5:31:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Internet (M)
16.4.20.7

File size:
81.8 KB (83,752 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\e6fa16a0.sys

Digital Signature
Authority:
Internet Widgits Pty Ltd

Valid from:
5/2/2013 5:41:20 PM

Valid to:
4/27/2033 5:41:20 PM

Subject:
O=Internet Widgits Pty Ltd, S=Some-State, C=XX

Issuer:
O=Internet Widgits Pty Ltd, S=Some-State, C=XX

Serial number:
00B843F49C287B0E03

File PE Metadata
Compilation timestamp:
11/10/2012 6:03:02 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:lHp6Ntm0uwW0EDOxcjBt0+HQk+dhKsdkewSmX2ar16h59kD9/iEl9jMU8Sjn5Si:lHkNtmrwW0pSEWQk+doIzwSxa56WiEnj

Entry address:
0x11C40

Entry point:
48, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 53, 56, 57, 48, 81, EC, 20, 02, 00, 00, 83, BC, 24, FC, 01, 00, 00, 00, 74, 0B, 48, C7, 44, 24, 50, 48, 80, 03, 00, EB, 1D, 0F, B6, 8C, 24, 59, 01, 00, 00, 8B, 84, 24, C8, 00, 00, 00, 2B, C1, 2D, 6E, 32, 02, 00, 89, 84, 24, FC, 01, 00, 00, 8B, 8C, 24, 24, 01, 00, 00, E8, EE, 1B, 00, 00, 0F, B7, C0, 05, 99, 18, 0B, 00, 0F, B7, 8C, 24, 50, 01, 00, 00, 2B, C1, 0F, B6, C8, 8B, 84, 24, 08, 01, 00, 00, D3, E0, 8B, C0, 8B, 8C, 24, A4, 00, 00, 00, 48, 03, 8C, 24, 90, 00, 00...
 
[+]

Code size:
76.5 KB (78,336 bytes)

Remove e6fa16a0.sys - Powered by Reason Core Security