home

pprotector64.sys

PProtector

Beijing Perfect World Network Technology Co.,Ltd.

It runs as a Windows 64-bit kernel mode device driver named “PProtector”.
Publisher:
Perfect World Co.,Ltd.  (signed by Beijing Perfect World Network Technology Co.,Ltd.)

Product:
PProtector

Description:
Perfect World Game Protector

Version:
2015.05.28.10 built by: WinDDK

MD5:
434004b7e595bad672dd09572ea7af76

SHA-1:
142e49c316e311222071339895ee32739fa53371

SHA-256:
4464a4d377f5d997ed1fdeb8970859508849a67c2d4522d6c7f643c30e6e5414

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:19:50 PM UTC  (today)

File size:
266.2 KB (272,584 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (c)Perfect World Co.,Ltd. All rights reserved.

Original file name:
PProtector

File type:
Driver (Win64 SYS)

Digital Signature
Signed by:
Beijing Perfect World Network Technology Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
5/8/2016 8:00:00 AM

Valid to:
7/8/2019 7:59:59 AM

Subject:
CN="Beijing Perfect World Network Technology Co.,Ltd.", OU=Technology Department, O="Beijing Perfect World Network Technology Co.,Ltd.", L=Binjing, S=Binjing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26276EE2DD9A566DEE2C52B26B9BADBE

File PE Metadata
Compilation timestamp:
8/8/2016 3:14:07 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:gH8Kg06zRJLumqtHo3valAvCh1nW8Tv1tWV6PS48d:gHSzHuhHtlP1XPWHd

Entry address:
0x78B10

Entry point:
E9, 8B, 31, 00, 00, E9, 57, C4, FC, FF, B1, FC, 0F, 94, C2, 0F, B6, D2, 66, 0F, B6, CB, 48, 89, C2, 48, 0F, C9, 48, 8D, 83, 05, AF, 7D, CD, B9, 00, 00, 00, 00, 0F, B6, C3, 48, 8D, 04, 45, BC, 12, 85, 2B, 48, 8D, 05, EE, D4, FC, FF, E9, 55, FC, FC, FF, 0F, 84, 77, 28, 00, 00, E9, D3, E5, FC, FF, B6, 92, 65, 4B, E6, C8, A9, AB, 5F, 3B, 3B, D7, 1F, 7B, FB, 47, 1A, 8C, 08, C8, 79, 73, 21, D9, 2D, E5, D9, B2, E8, 85, 0D, 36, 31, D6, 60, 97, 6F, 0A, 34, F7, 7B, 9D, 1D, 5A, 9D, E6, E6, 34, ED, 86, 98, 92, 06, 8B...
 
[+]

Entropy:
7.8535

Packer / compiler:
Xtreme-Protector v1.05

Code size:
12.5 KB (12,800 bytes)

Driver
Display name:
PProtector

Type:
Kernel device driver (KernelDriver)


Scan pprotector64.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.