legendasdrv.sys

NetFilter SDK

Dantis Tecnologia Ltda ME

It runs as a Windows kernel-mode device driver named “legendasdrv”.
Publisher:
NetFilterSDK.com  (signed by Dantis Tecnologia Ltda ME)

Product:
NetFilter SDK

Description:
NetFilter SDK TDI Hook Driver (WPP)

Version:
1.4.7.9 built by: WinDDK

MD5:
a0fc06595f8185c61af0b4ff2e264b91

SHA-1:
193bcd701a56a60640f6a8baa3521dab18e0a819

SHA-256:
5010568754e825a2ea79adaedb87150f4b5e45267eb586fb4c133576331f32a5

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/26/2024 11:42:31 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | W32.Riskware.Netfilter!c | 2.1.4+
ESET NOD32 | Win32/NetFilter.A potentially unsafe application | 6.3
G Data | Win32.Riskware.Netfilter | 16.8.25
IKARUS anti.virus | Riskware.Win32.Netfilter | t3scan.2.0.7.0

File size:
56 KB (57,328 bytes)

Product version:
1.4.8.3

Copyright:
Copyright © NetFilterSDK.com

Original file name:
netfilter2.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\legendasdrv.sys

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2015 4:44:39 PM

Valid to:
9/11/2016 4:44:39 PM

Subject:
CN=Dantis Tecnologia Ltda ME, O=Dantis Tecnologia Ltda ME, L=Sao Jose, S=Santa Catarina, C=BR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00953F34DF067F1B14

File PE Metadata
Compilation timestamp:
8/11/2015 8:40:00 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
768:2lOXRA1jTdtTNbrgs3eEydXvrjiwftRI87wNRSH257pmkiYysRIRwi6DgTz:yOXRARjT/3EhTWwfnGRrC3sRIx6sz

Entry address:
0xAD85

Entry point:
8B, FF, 55, 8B, EC, A1, 00, 99, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, A4, 97, 01, 00, B8, 00, 99, 01, 00, C1, E8, 08, 33, 02, A3, 00, 99, 01, 00, 75, 07, 8B, C1, A3, 00, 99, 01, 00, F7, D0, A3, 04, 99, 01, 00, 5D, E9, C9, E3, FF, FF, CC, 2C, AE, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 68, B2, 00, 00, 14, 97, 00, 00, 18, AE, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9E, B2, 00, 00, 00, 97, 00, 00, 24, AE, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BA, B2, 00, 00, 0C, 97, 00, 00, 00...
 

Code size:
38 KB (38,912 bytes)

Driver
Display name:
legendasdrv

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

