home

nxdhlp12.sys

Windows Codename Longhorn DDK driver

NetZone Info-Tech Co., Ltd., Shanghai

The file nxdhlp12.sys, “Diskless Client Helper” by NetZone Info-Tech Co.,, Shanghai has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel mode device driver named “VirtualTOP Helper Driver”.
Publisher:
Windows (R) Codename Longhorn DDK provider  (signed by NetZone Info-Tech Co., Ltd., Shanghai)

Product:
Windows (R) Codename Longhorn DDK driver

Description:
Diskless Client Helper

Version:
6.0.6000.16386 built by: WinDDK

MD5:
277e57c3cbb9efe7990ffde4b5ad7db0

SHA-1:
5ff06b89f485a7b1c57ba6a80fefcb95ba11712b

SHA-256:
11785d43b0328b4509150ced8d910cc09c1acd8119185f1de4e18f6b7740c361

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:44:24 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.NetZoneI
17.3.16.3

File size:
179.6 KB (183,896 bytes)

Product version:
6.0.6000.16386

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
nxdhlp.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\nxdhlp12.sys

Digital Signature
Signed by:
NetZone Info-Tech Co., Ltd., Shanghai

Authority:
VeriSign, Inc.

Valid from:
7/25/2014 9:00:00 AM

Valid to:
10/25/2015 8:59:59 AM

Subject:
CN="NetZone Info-Tech Co., Ltd., Shanghai", OU=IT, O="NetZone Info-Tech Co., Ltd., Shanghai", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2BB3BEA0B887375E383FD6239CB02BDF

File PE Metadata
Compilation timestamp:
9/25/2015 4:41:53 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

Entry address:
0x2C1F8

Entry point:
60, C7, 44, 24, 1C, E6, E6, 12, FA, 55, E9, 22, B6, FF, FF, 9C, 9F, 58, B0, E9, 8D, 05, F0, 90, 03, 00, E8, AD, 84, FF, FF, 09, C9, 66, C7, 04, 24, 00, 01, 68, 4A, C9, F2, E1, 9C, 8D, 64, 24, 0C, 0F, 84, 06, 8C, FF, FF, 66, 0F, BE, D0, 8D, 53, 04, E8, 0A, 92, FF, FF, E9, 20, 8B, FF, FF, 60, 09, C0, 9C, 60, 8D, 64, 24, 44, 0F, 85, E6, 8B, FF, FF, 21, D9, 66, 0F, B3, C1, 00, E1, 8B, 0B, 60, F9, F5, 09, C9, 57, 9C, 88, 4C, 24, 04, 8D, 64, 24, 28, 0F, 84, C7, 8B, FF, FF, C6, C6, 5E, 9C, 8D, 53, 04, 60, 66, 0F...
 
[+]

Entropy:
7.5156

Code size:
31 KB (31,744 bytes)

Driver
Display name:
VirtualTOP Helper Driver

Service name:
nxdhlp

Type:
Kernel device driver (KernelDriver)

Group:
Boot Bus Extender


Remove nxdhlp12.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.