cprotect.sys

CProtect

Beijing AmazGame Age Internet Technology Co., Ltd.

The file cprotect.sys, “CYOU Game Protector” by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel mode device driver named “CYouProtect”.
Publisher:
CYOU-INC  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
CProtect

Description:
CYOU Game Protector

Version:
2014.12.10.01 built by: WinDDK

MD5:
8bbd4afb9099422eb0772a6afc470769

SHA-1:
bfe447d3cebeebb221ea43a787579b14152b1d3d

SHA-256:
4792cd088dd08c1b24798fec096a727d7f2ae785535b11e56819c7433ff7ea23

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:20:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BeijingA

Engine version:
16.11.16.13

File size:
184.6 KB (189,048 bytes)

Product version:
1.0.0

Copyright:
Copyright (c) CYOU-INC. All rights reserved.

Original file name:
CProtect

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\windows\cprotect.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/3/2014 8:00:00 AM

Valid to:
3/3/2017 7:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Tech Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71C0B8F7F8E7AE5DD00BF1016794A6EF

File PE Metadata
Compilation timestamp:
7/23/2015 10:57:30 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:4iMzjLEjh3Cv595kPPyQ0hTxIy4ZjLqXYHRCN+r8a406ieWYnPXVHWVp0Yvs1:JMzskvVkn50h9yROYx1waSXnvVHWVpK1

Entry address:
0x42C43

Entry point:
68, B2, 44, D8, C7, E8, 84, BD, 00, 00, 29, C6, C6, 04, 24, 49, E9, D2, E0, 00, 00, E8, 43, CF, 00, 00, F2, AE, C6, 44, 24, 04, A8, 8D, 64, 24, 24, 0F, 85, 22, 42, 00, 00, 66, 0F, BC, CC, 08, C1, 89, F9, 66, 0F, B3, CE, 29, D9, 66, 29, DE, 66, 89, FE, 60, 66, D3, DE, 8D, 74, 24, 20, 38, CC, 83, EF, 04, FF, 34, 24, FF, 37, 8F, 44, 24, 20, E8, 0A, 90, 00, 00, 68, A8, 8F, 81, 5A, 8D, 64, 24, 08, 0F, 85, BD, 42, 00, 00, 66, 0F, BA, FF, 0B, 0F, BA, EF, 01, 66, 81, CF, B0, B9, 8B, 7A, 24, 66, 81, FA, 92, 47, 57...

Entropy:
7.8147  (probably packed)

Code size:
13.5 KB (13,824 bytes)

Driver
Display name:
CYouProtect

Type:
Kernel device driver (KernelDriver)
