Gridinsoft Logo

The mcamvusb7.sys (Virtual USB MultiKey64) File Analysis

Updated 2 days ago
Checked by Malaware Check
mcamvusb7.sys

Technical Analysis

File Name mcamvusb7.sys
File Type
Win32 EXE
Magic Bytes PE32+ executable (native) x86-64, for MS Windows
SSDEEP Hash
1536:RICS4AZJnvrvUcveb5sAOcWCLG6tB0Tiwp:a3JnvrvH+sAOcWWG6tuuwp
Scanner Version 1.0.217.174
Database Version 2025-06-03 21:00:21 UTC

Suspicious File Detected

Detected by 44 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
60%
Detection Rate
77,984
File Size (bytes)
44/73
Engines Detected
2025-06-03
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
85d3ee9d93a20e33c0ad5f37ab5555fe
SHA1
5b3d28c3e663865f0ba2d6cccdc3692c4bd7ee34
SHA256
6b6fa799a011cc0fd90a2fcf1415a14afefbc6544c1b6abf8a13bba4315f4409
SHA512
b475e0251bb487c3f092b6962ba8dd65ac2125b9a19bb6842f9b4a072251e6d66b0d05a0b512cf52bcab87b64f3fcfbbc2ea652ca1b8e8b7a73943babbecd1a9
ImpHash
40bc7c96a49b823ba43d53770f0440e2

Security Engines with Detections (44 of 73)

Bkav
W64.AIDetectMalware Malicious
Lionic
Trojan.Win32.MultiKey.4!c Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Trojan.GenericKD.50351723 Malicious
CAT-QuickHeal
Trojan.Ghanarava.17404768975555fe Malicious
ALYac
Trojan.GenericKD.50351723 Malicious
Malwarebytes
RiskWare.MultiKey Malicious
Zillya
Trojan.DongleHack.Win64.1 Malicious
K7AntiVirus
Unwanted-Program ( 004e6c4d1 ) Malicious
K7GW
Unwanted-Program ( 004e6c4d1 ) Malicious
CrowdStrike
win/grayware_confidence_100% (W) Malicious
Symantec
Trojan.Gen.MBT Malicious
ESET-NOD32
Win64/DongleHack.MultiKey.A potentially unsafe Malicious
TrendMicro-HouseCall
HackTool.Win64.Patcher.AB Malicious
Paloalto
generic.ml Malicious
ClamAV
Revoked.CRT.HookSignTool-10000379-0 Malicious
BitDefender
Trojan.GenericKD.50351723 Malicious
Avast
FileRepMalware [Misc] Malicious
Rising
Trojan.MalCert!1.C2EF (CLASSIC) Malicious
Emsisoft
Trojan.GenericKD.50351723 (B) Malicious
Google
Detected Malicious
VIPRE
Trojan.GenericKD.50351723 Malicious
TrendMicro
HackTool.Win64.Patcher.AB Malicious
McAfeeD
ti!6B6FA799A011 Malicious
CTX
sys.trojan.multikey Malicious
Sophos
Mal/Hooksign-A Malicious
Ikarus
PUA.FakeCert Malicious
FireEye
Trojan.GenericKD.50351723 Malicious
Varist
W64/ABTrojan.XPVH-4470 Malicious
Fortinet
Adware/DongleHack_MultiKey Malicious
Antiy-AVL
GrayWare/Win32.Presenoker Malicious
Kingsoft
Win64.Troj.DongleHack.A Malicious
Gridinsoft
Adware.Win64.Agent.sd!c Malicious
Xcitium
ApplicUnwnt@#395rh1mi4lul2 Malicious
Arcabit
Trojan.Generic.D3004E6B Malicious
ZoneAlarm
Mal/Hooksign-A Malicious
Microsoft
PUA:Win32/ClickAthlete Malicious
VBA32
Adware.DongleHack_MultiKey Malicious
Cylance
Unsafe Malicious
Yandex
Riskware.MultiKey!QRc2qN0IXUs Malicious
MaxSecure
Trojan.Malware.184323538.susgen Malicious
GData
Trojan.GenericKD.50351723 Malicious
AVG
FileRepMalware [Misc] Malicious
DeepInstinct
MALICIOUS Malicious
29 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x00010000
Entry Point 0x000231a0
Compilation Time 2009-05-16 17:38:21
Checksum 0x00013630 (Actual: 0x00013630)
OS Version 5.2
PEiD Signatures PE32+ executable (native) x86-64, for MS Windows
PDB Path z:\develop\multikey\mk_18_1\src\objfre_wnet_AMD64\amd64\MultiKey.pdb
Digital Signature An error occurred while validating the countersignature: Chain verification from CN=Fake TimeStamp Responder, OU=timestamp.pki.jemmylovejenny.tk, O=JemmyLoveJenny PKI Service, C=CN (serial:40796907452728823954982879920791805350, sha1:8179d6dde6d8fe7248aaeed1c2287ba6e2de4cfb) failed: Unable to build a validation path for the certificate "Common Name: Fake TimeStamp Responder, Organizational Unit: timestamp.pki.jemmylovejenny.tk, Organization: JemmyLoveJenny PKI Service, Country: CN" - no issuer matching "Common Name: JemmyLoveJenny EV Root CA, Organizational Unit: pki.jemmylovejenny.tk, Organization: JemmyLoveJenny PKI Service, Country: CN" was found
Imports 1 libraries
ntoskrnl
Exports 0 functions
Resources 1 Resources
Sections 6 Sections

Version Information

CompanyName Chingachguk & Denger2k (Elite & SP edition)
FileDescription Virtual USB MultiKey64
FileVersion 0.18.1.0 built by: WinDDK
InternalName MultiKey.sys
LegalCopyright Copyright (C) 2004-2009 by Chingachguk & Denger2k
OriginalFilename MultiKey.sys
ProductName Virtual USB MultiKey64
ProductVersion 0.18.1.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 27,936 bytes 28,160 bytes 7.09 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7D69032F98A2AD1CCA2AC4080FB1BFEA
.data 0x00008000 756 bytes 512 bytes 1.73 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 179B7E131BCDB6F82030F1F80C031EC7
.pdata 0x00009000 1,500 bytes 1,536 bytes 4.54 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 75BF1AF80CED65364F3DCBFE7EF7D00F
PAGE 0x0000a000 32,866 bytes 33,280 bytes 6.23 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6520A5EEE49FF427D814A7C52D1768AC
INIT 0x00013000 1,798 bytes 2,048 bytes 5.18 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F4C420D442559EE3F6968D9DD83E05D4
.rsrc 0x00014000 1,008 bytes 1,024 bytes 3.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 7387ED7FA8DB25F281699F73B06C7319
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 1 (912 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 912 bytes
100%

Certificate Chain Analysis

Certificate Information
Product Virtual USB MultiKey64
Description Virtual USB MultiKey64
File Version 0.18.1.0 built by: WinDDK
Original Name MultiKey.sys
Verification Status The timestamp signature and/or certificate could not be verified or is malformed.
Internal Name MultiKey.sys
Copyright Copyright (C) 2004-2009 by Chingachguk & Denger2k
Certificate Chain Summary
VeriSign Class 3 Public Primary Certification Authority - G5 #1 Primary
Validity Period: 2011-02-22 19:25:17 → 2021-02-22 19:35:17
Signature Algorithm: sha1RSA
Serial Number: 61 19 93 E4 00 00 00 00 00 1C
Fake TimeStamp Responder #2 Chain
Validity Period: 2000-01-01 00:00:00 → 2099-12-31 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 1E B1 32 D5 7E 79 68 96 0D F2 6E 85 4E B0 DD A6
Beijing Chunbai Technology Development Co., Ltd #3 Chain
Validity Period: 2012-06-18 00:00:00 → 2013-06-18 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 53 B5 E0 B2 51 75 57 D4 A0 5D 20 61 85 82 D0 DD
JemmyLoveJenny EV Root CA #4 Chain
Validity Period: 2000-01-01 00:00:00 → 2099-12-31 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 1E B1 32 D5
JemmyLoveJenny SHA1 TimeStamping Services CA #5 Chain
Validity Period: 2000-01-01 00:00:00 → 2099-12-31 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 1E B1 32 D5 7E 79 68 96

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

An error occurred while validating the countersignature: Chain verification from CN=Fake TimeStamp Responder, OU=timestamp.pki.jemmylovejenny.tk, O=JemmyLoveJenny PKI Service, C=CN (serial:40796907452728823954982879920791805350, sha1:8179d6dde6d8fe7248aaeed1c2287ba6e2de4cfb) failed: Unable to build a validation path for the certificate "Common Name: Fake TimeStamp Responder, Organizational Unit: timestamp.pki.jemmylovejenny.tk, Organization: JemmyLoveJenny PKI Service, Country: CN" - no issuer matching "Common Name: JemmyLoveJenny EV Root CA, Organizational Unit: pki.jemmylovejenny.tk, Organization: JemmyLoveJenny PKI Service, Country: CN" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
44 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware