ezimage64.sys

EzBackup Image Driver

Data Protection Solutions

This file is part of an adware program that injects advertising (banners, text links) into the web browser, modifies the browser's normal behavior, and changes the system settings that control which applications run at startup. It belongs to the Injekt family of unwanted programs. ezimage64.sys, published by Data Protection Solutions, has been flagged as adware by 1 of 68 anti-malware scanners, on a heuristic rule (see the scanner results below); a single heuristic hit is a weak signal on its own, so confirm that the file on a host is this exact binary (by hash and by signature) before acting on this record. It runs as a 64-bit Windows kernel-mode device driver with the display name "DPS EzImage". Note that the PE compilation timestamp (June 2010) predates the validity period of the signing certificate (July 2011 to June 2012), so either the binary was signed more than a year after it was built or the compilation timestamp is not genuine.
Publisher:
Data Protection Solutions by Arco (signed by Data Protection Solutions)

Product:
EzBackup Image Driver

Description:
EzImage Driver

Version:
1, 0, 0, 25

MD5:
0972d5e8244631029c576261ce4f2f6c

SHA-1:
0c7367d39797051429b2a5034639ffc0c53a95c7

SHA-256:
aa22c811cf510e5b8bcef5f992e42968fe55943fa696c71fa233de8fc325056b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search provider, DNS, and security protocols).

Analysis date:
12/25/2024 11:46:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.DataProt (M)

Engine version:
16.5.24.18

File size:
16.2 KB (16,632 bytes)

Product version:
1, 0, 0, 25

Copyright:
Copyright (C) 2001-2009

Trademarks:
EzBackup

Original file name:
EzImage.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ezimage64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/13/2011 8:00:00 AM

Valid to:
6/2/2012 7:59:59 AM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44EB7C831EAB6F108628776BD16D247B

File PE Metadata
Compilation timestamp:
6/8/2010 2:47:29 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
192:UAfnq5r7FVul8TN/5h0rO8SLShm/rryowJL/Ar4+p+vzfEjtlAur9ZCspE+TMIrx:UAfnwFK8TNr0rOG2vYJLx+cfsUHeMM

Entry address:
0x6008

Entry point:
48, 8B, 05, F1, E0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, E0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, E0, FF, FF, 48, F7, D0, 48, 89, 05, AC, E0, FF, FF, E9, A7, AF, FF, FF, CC, CC, CC, 90, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 63, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.4570

Code size:
5.5 KB (5,632 bytes)

Driver
Display name:
DPS EzImage

Service name:
EzImage

Type:
Kernel device driver (KernelDriver)
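The following triage script is an added example, not code from Reason Core Security or from Data Protection Solutions. It checks a host against the record above: whether the file exists at the common path, whether its SHA-256 matches the one listed, what Authenticode reports for the signer and serial number (and whether the signature carries a timestamp countersignature, which matters because the listed certificate expired in June 2012), the compile timestamp read directly from the PE header, and whether a kernel driver service named EzImage is registered. The path, hashes, serial number, service name and compile time are the values on this page; the variable names, the output format and the helper function are this script's own and are not from the product. Run it in an elevated PowerShell session.

```powershell
# Added example: triage a host against the ezimage64.sys record on this page.
# Values in $Record are copied from the page; everything else is this script's own.
$Record = @{
    Path        = 'C:\Windows\System32\drivers\ezimage64.sys'
    SHA256      = 'aa22c811cf510e5b8bcef5f992e42968fe55943fa696c71fa233de8fc325056b'
    Service     = 'EzImage'
    CertSerial  = '44EB7C831EAB6F108628776BD16D247B'
    CompiledUtc = [datetime]::new(2010, 6, 8, 2, 47, 29, [DateTimeKind]::Utc)
}

function Get-PeCompileTime {
    # Reads IMAGE_FILE_HEADER.TimeDateStamp straight from the file:
    # e_lfanew lives at DOS offset 0x3C; at that offset comes "PE\0\0",
    # then Machine (2 bytes), NumberOfSections (2 bytes), TimeDateStamp (4 bytes).
    param([Parameter(Mandatory)][string]$FilePath)
    $bytes    = [System.IO.File]::ReadAllBytes($FilePath)
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    if ([BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {
        throw "Not a PE image: $FilePath"
    }
    $machine = [BitConverter]::ToUInt16($bytes, $peOffset + 4)   # 0x8664 = x64
    $stamp   = [BitConverter]::ToUInt32($bytes, $peOffset + 8)   # seconds since 1970-01-01 UTC
    [pscustomobject]@{
        Machine     = ('0x{0:X4}' -f $machine)
        CompiledUtc = [DateTimeOffset]::FromUnixTimeSeconds($stamp).UtcDateTime
    }
}

$findings = @()

if (Test-Path -LiteralPath $Record.Path) {
    $findings += "File present: $($Record.Path)"

    # 1. Identity: same file name does not mean same build, so compare the hash.
    $sha256 = (Get-FileHash -LiteralPath $Record.Path -Algorithm SHA256).Hash
    if ($sha256 -ieq $Record.SHA256) {
        $findings += "SHA-256 matches this record"
    } else {
        $findings += "SHA-256 differs ($sha256): different build, re-analyse before acting"
    }

    # 2. Authenticode: status, signer subject, certificate serial, timestamp presence.
    $sig = Get-AuthenticodeSignature -LiteralPath $Record.Path
    $findings += "Signature status: $($sig.Status)"
    if ($sig.SignerCertificate) {
        $findings += "Signer: $($sig.SignerCertificate.Subject)"
        $serialMatch = $sig.SignerCertificate.SerialNumber -ieq $Record.CertSerial
        $findings += "Certificate serial matches record: $serialMatch"
        $findings += "Timestamp countersignature present: $([bool]$sig.TimeStamperCertificate)"
    }

    # 3. Compile time from the PE header, cross-checked against the record.
    $pe = Get-PeCompileTime -FilePath $Record.Path
    $findings += "Machine $($pe.Machine), compiled $($pe.CompiledUtc.ToString('u')) (record: $($Record.CompiledUtc.ToString('u')))"
} else {
    $findings += "File not present at $($Record.Path)"
}

# 4. Driver service registration is checked even when the file is gone,
#    since a dangling KernelDriver entry still points at where it was loaded from.
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$($Record.Service)'"
if ($drv) {
    $findings += "Service $($drv.Name) ('$($drv.DisplayName)'): state=$($drv.State) start=$($drv.StartMode) image=$($drv.PathName)"
} else {
    $findings += "No kernel driver service named $($Record.Service)"
}

$findings
```

A SHA-256 mismatch with the same file name means a different build of the driver, so treat it as unknown rather than as this record. Get-AuthenticodeSignature applies the user-mode chain rules (an un-timestamped signature is reported invalid once its certificate has expired); kernel-mode driver loading uses its own policy, so the status shown here says whether the signature still verifies today, not whether the driver would load.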


Powered by Reason Core Security