» ezimage_2003_x64.sys
Overview
Analysis
File Details

ezimage_2003_x64.sys

EzBackup Image Driver

Data Protection Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The file ezimage_2003_x64.sys by Data Protection Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

Data Protection Solutions by Arco (signed by Data Protection Solutions)

Product:

EzBackup Image Driver

Description:

EzImage Driver

Version:

1, 0, 0, 25

MD5:

9a986d00f581d1b3f21bcc9419df4fbd

SHA-1:

29ccb9d94bc6de9f9056e889e8ed93cf967874ca

SHA-256:

7a418eafda575e1c04c57afb507694e49de83911ba6165c897534eaf35c1b3c0

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

12/26/2024 12:15:06 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt.DataProt (M)

16.5.24.19

File size:

14.8 KB (15,192 bytes)

Product version:

1, 0, 0, 25

Trademarks:

EzBackup

Original file name:

EzImage.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\dps\ezbackup 5.0\system32\x64\ezimage_2003_x64.sys

Digital Signature

Signed by:

Data Protection Solutions

Authority:

VeriSign, Inc.

Valid from:

7/13/2011 8:00:00 AM

Valid to:

6/2/2012 7:59:59 AM

Subject:

CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

44EB7C831EAB6F108628776BD16D247B

File PE Metadata

Compilation timestamp:

6/8/2010 2:46:44 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

192:Gfnq5r7FVul8TNZhh0mm8vdEkERv/rIyowJL/Ar4+p+vzfKr9ZCspE+TMIreq72m:GfnwFK8TNF0mm9RHsYJLx+cfjeM/c2m

Entry address:

0x6008

Entry point:

48, 8B, 05, F1, E0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, E0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, E0, FF, FF, 48, F7, D0, 48, 89, 05, AC, E0, FF, FF, E9, A7, AF, FF, FF, CC, CC, CC, 90, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 63, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.3054

Code size:

5.5 KB (5,632 bytes)

Remove ezimage_2003_x64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.