ezsnap64.sys

EzSnap

Data Protection Solutions

This file is classified as part of an adware program: software that injects advertising into the web browser (banners, text links), modifies the browser's normal behavior, and changes the system settings that control which applications run at startup. It is grouped under the Injekt brand of unwanted programs. The file ezsnap64.sys, published by Data Protection Solutions, has been flagged as adware by 1 of 68 anti-malware scanners, which the site rates as a strong indication that the file is a potential threat. That verdict rests on a single heuristic detection (PUP.Injekt.DataProt) rather than on agreement across engines, so compare the hashes, file size and signing certificate listed below against the copy on your own system before acting on it. The file runs as a Windows 64-bit kernel-mode device driver with the display name "DPS EzBackup Image Snapshot Filter Driver" and the service name EzSnap.
Publisher:
DPS (Data Protection Solution) (signed by Data Protection Solutions)

Product:
EzSnap

Version:
1, 0, 0, 35

MD5:
226f467f56614d02efa857a31e60fa5b

SHA-1:
3fe49192bf704518f74b87a429fbb9fc8253966d

SHA-256:
2f2daffdec13f7f3d25ed42e6c89cf4b841f4923af1992fbf8acdf1d7cec99ee

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 11:25:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.DataProt (M)

Engine version:
16.5.24.18

File size:
34.5 KB (35,352 bytes)

Product version:
1, 0, 0, 35

Copyright:
Copyright (C) 2008 - 2012

Original file name:
EzSnap.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ezsnap64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/14/2009 8:00:00 AM

Valid to:
6/2/2012 7:59:59 AM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4A94FECAA3069A29FA52BE29A59C1947

File PE Metadata
Compilation timestamp:
2/24/2012 5:06:31 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
768:h7lVfNFcc2JxH8Mbl8wqvyhrtV8LNKbAFmU:j5fcc2JxH87wqctV8cZU

Entry address:
0xA2E8

Entry point:
48, 8B, 05, 11, CE, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, F6, CD, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, CE, CD, FF, FF, 48, F7, D0, 48, 89, 05, CC, CD, FF, FF, E9, CF, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 65, 6E, 74, 65, 72, 65, 64, 20, 53, 6E, 61, 70, 28, 31, 29, 20, 44, 72, 69, 76, 65, 72, 45, 6E...

Entropy:
5.9300

Code size:
23.5 KB (24,064 bytes)

Driver
Display name:
DPS EzBackup Image Snapshot Filter Driver

Service name:
EzSnap

Type:
Kernel device driver (KernelDriver)

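The indicators on this page (hashes, file size, certificate subject and serial, compile timestamp, service name) can be checked against a live host with the PowerShell script below. It is an added triage example written for this page, not code from Reason Core Security or from Data Protection Solutions. It assumes PowerShell 5.1 or later on Windows, an elevated prompt so the driver file and service key are readable, and the file at the page's common path; the expected values are copied from the fields above.

```powershell
# Triage helper (added example, not the scanner vendor's or the publisher's code).
# Compares a local ezsnap64.sys with the indicators on this page and reports
# the Authenticode signer, the PE compile timestamp and the EzSnap service.
# Assumes PowerShell 5.1+, run elevated, file at the page's common path.

$Path = 'C:\Windows\System32\drivers\ezsnap64.sys'

# Expected values, copied from this page.
$Expected = @{
    MD5    = '226f467f56614d02efa857a31e60fa5b'
    SHA1   = '3fe49192bf704518f74b87a429fbb9fc8253966d'
    SHA256 = '2f2daffdec13f7f3d25ed42e6c89cf4b841f4923af1992fbf8acdf1d7cec99ee'
    Size   = 35352
    Serial = '4A94FECAA3069A29FA52BE29A59C1947'
}

function Show-Match([string]$Label, $Actual, $Wanted) {
    $verdict = if ("$Actual" -eq "$Wanted") { 'MATCH' } else { 'DIFFERS' }
    Write-Output ("{0,-8} {1}  {2}" -f $Label, $Actual, $verdict)
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "Not present: $Path"
} else {
    $item = Get-Item -LiteralPath $Path

    # 1. Hashes and size. A mismatch means a different build or a modified
    #    file, so the page's verdict does not transfer to it automatically.
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $h = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
        Show-Match $alg $h $Expected[$alg]
    }
    Show-Match 'Size' $item.Length $Expected.Size
    Write-Output ("Version  {0}" -f $item.VersionInfo.ProductVersion)

    # 2. Authenticode. A status of Valid on a certificate that expired in 2012
    #    is normal when the signature carries a timestamp countersignature, so
    #    compare the subject and serial with the page rather than relying on
    #    the status alone.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    Write-Output ("Signature status: {0}" -f $sig.Status)
    if ($sig.SignerCertificate) {
        $c = $sig.SignerCertificate
        Write-Output ("Subject  {0}" -f $c.Subject)
        Write-Output ("Issuer   {0}" -f $c.Issuer)
        Write-Output ("Valid    {0} to {1}" -f $c.NotBefore, $c.NotAfter)
        Show-Match 'Serial' $c.SerialNumber $Expected.Serial
    }

    # 3. PE header fields the page reports: e_lfanew sits at offset 0x3C, the
    #    COFF TimeDateStamp is 8 bytes past the PE signature, and the linker
    #    version is the first two bytes after the 20-byte COFF header.
    #    The page's build date (2/24/2012) falls inside the certificate's
    #    validity window; a build dated after the certificate expired would
    #    deserve a closer look at its timestamp countersignature.
    $bytes  = [System.IO.File]::ReadAllBytes($Path)
    $peOff  = [BitConverter]::ToInt32($bytes, 0x3C)
    $stamp  = [BitConverter]::ToUInt32($bytes, $peOff + 8)
    $built  = [DateTimeOffset]::FromUnixTimeSeconds($stamp).UtcDateTime
    $linker = '{0}.{1}' -f $bytes[$peOff + 24 + 2], $bytes[$peOff + 24 + 3]
    Write-Output ("Compiled {0} UTC   Linker {1}" -f $built, $linker)
}

# 4. Service registration. The page lists service name EzSnap as a kernel
#    device driver (registry Type 1). Start values 0-3 load the driver;
#    4 means disabled.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\EzSnap'
if (Test-Path $svcKey) {
    $svc = Get-ItemProperty -Path $svcKey
    Write-Output ("Service  ImagePath={0}" -f $svc.ImagePath)
    Write-Output ("Service  Type={0} Start={1}" -f $svc.Type, $svc.Start)
    $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='EzSnap'"
    if ($drv) { Write-Output ("Driver   {0} ({1})" -f $drv.State, $drv.StartMode) }
} else {
    Write-Output 'No EzSnap service key present'
}
```

Run it as is; every line of output is a comparison or a value to read off against the page. If the hashes differ but the signer and service match, you are looking at another build from the same publisher, not the sample this page describes, and should re-scan that file rather than reuse this verdict.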

Powered by Reason Core Security