ezwatch64.sys

EzBackup File Watcher Driver

Data Protection Solutions

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the normal behavior of the browser, and modify the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The file ezwatch64.sys by Data Protection Solutions has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Data Protection Solutions by Arco (signed by Data Protection Solutions)

Product:
EzBackup File Watcher Driver

Description:
EzWatch Driver

Version:
1, 0, 0, 59

MD5:
9359da451368369afa459286e5374faa

SHA-1:
bf4fba466fdd608677446403b5eb0418a3f9929c

SHA-256:
e1941e46211d2236fa9fd36e69c5eed75dbe89e715acf6732cbd12cf22d5b9ad

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 11:43:01 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.DataProtectionSolutions (M)

Engine version:
15.11.3.8

File size:
86.3 KB (88,352 bytes)

Product version:
1, 0, 0, 59

Copyright:
Copyright (C) 2001-2010

Trademarks:
EzBackup

Original file name:
EzWatch.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Program Files\dps\ezmigration\system32\x64\ezwatch64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/29/2012 8:00:00 PM

Valid to:
6/1/2013 7:59:59 PM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3C4D0FDF8E1C6992488CADAE56F6EE84

File PE Metadata
Compilation timestamp:
3/5/2012 1:50:35 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:FO6nQI22ZTpis7yEb+jXTdu0g6Sxct33Zcn:AVqZTpimb+/duZ6SGh3W

Entry address:
0x161C8

Entry point:
48, 8B, 05, 31, BF, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, 16, BF, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, EE, BE, FF, FF, 48, F7, D0, 48, 89, 05, EC, BE, FF, FF, E9, EF, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 50, 61, 73, 73, 54, 68, 72, 6F, 75, 67, 68, 21, 44, 72, 69, 76, 65, 72, 45, 6E, 74, 72, 79, 3A...

Entropy:
5.8091

Code size:
70.5 KB (72,192 bytes)

Remove ezwatch64.sys - Powered by Reason Core Security