» easyanticheat.sys
Overview
Analysis
File Details
Behaviors (1)

easyanticheat.sys

EasyAntiCheat Solutions

It runs as a Windows kernel mode device driver named “EasyAntiCheatSys”.

File name:

easyanticheat.sys

Publisher:

EasyAntiCheat Solutions (signed and verified)

MD5:

a29527b22742f76a9ab7194c65943712

SHA-1:

4005bada1debdc7fd15ea61610dc216de7c7e288

SHA-256:

4a23fd083a7110e93814fb690c238c89011b491b96133dcf1b85788d4061fb2a

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

12/27/2024 7:30:01 AM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

Malware.QVM00.Gen

1.0.0.1015

File size:

320.2 KB (327,896 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\easyanticheat.sys

Digital Signature

Signed by:

EasyAntiCheat Solutions

Authority:

GlobalSign nv-sa

Valid from:

5/21/2013 4:52:48 PM

Valid to:

5/22/2014 4:52:48 PM

Subject:

CN=EasyAntiCheat Solutions, O=EasyAntiCheat Solutions, L=Helsinki, C=FI

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B8FD88FEE2CA64F899D7BF868E3A149E

File PE Metadata

Compilation timestamp:

2/6/2014 12:55:41 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:FKHtCcaz4HDIUVKpZqQSqOI9Ylx8VBOV+TmFO:oCca2DP4ZqmO5Unr

Entry address:

0x4A042

Entry point:

E8, 6F, 91, FF, FF, 8D, 64, 24, 3C, 0F, 87, 81, E1, FF, FF, 0F, 8A, 18, FE, FF, FF, FE, C8, 0F, 90, C0, C0, C8, 06, 29, FB, 0F, BB, FF, 8D, B9, D8, 6E, 62, F0, 66, C1, DF, 09, 01, E3, 14, 88, 89, DF, 84, CA, 56, 68, D9, DC, A8, BB, FE, C0, B0, 2E, 66, 39, EB, F2, AE, E8, 18, DE, FF, FF, F2, AE, E9, 4F, EE, FF, FF, 8D, 05, 42, 49, 05, 00, E9, 30, B3, FF, FF, E8, FF, AB, FF, FF, F6, D0, 8B, 45, F8, 66, 39, D9, F7, C1, 18, 00, 53, 96, 0F, BA, E1, 0F, F9, D1, E0, E9, 79, 83, FF, FF, 8D, 64, 24, 54, 0F, 85, 7C... 
[+]

Entropy:

5.7383

Code size:

17.3 KB (17,664 bytes)

Driver

Display name:

EasyAntiCheatSys

Type:

Kernel device driver (KernelDriver)

Scan easyanticheat.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.