home

pprotector64.sys

PProtector

Beijing Perfect World Network Technology Co.,Ltd.

It runs as a Windows 64-bit kernel mode device driver named “PProtector”.
Publisher:
Perfect World Co.,Ltd.  (signed by Beijing Perfect World Network Technology Co.,Ltd.)

Product:
PProtector

Description:
Perfect World Game Protector

Version:
2015.05.28.10 built by: WinDDK

MD5:
cad4490023eac485d412220656e97780

SHA-1:
7903689172a121d29435b6a8ae9c5b307e1e4d18

SHA-256:
241c8db269bf0b02a5d982008ec69ff75bc922c10980684ac163752af5a4fcdc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 11:35:15 PM UTC  (a few moments ago)

File size:
249.2 KB (255,184 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (c)Perfect World Co.,Ltd. All rights reserved.

Original file name:
PProtector

File type:
Driver (Win64 SYS)

Language:
English (United States)

Digital Signature
Signed by:
Beijing Perfect World Network Technology Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
6/11/2015 8:00:00 AM

Valid to:
6/11/2016 7:59:59 AM

Subject:
CN="Beijing Perfect World Network Technology Co.,Ltd.", OU=Technology Department, O="Beijing Perfect World Network Technology Co.,Ltd.", L=Binjing, S=Binjing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
187FD5A5978192DA4210A4EB36F941A1

File PE Metadata
Compilation timestamp:
2/17/2016 10:12:10 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:P73Mq3fGmNEPR9QtG5gdRCMSYFvQDsX/h9om3:d3emNEZ4dYYaa/

Entry address:
0x74D77

Entry point:
E9, EF, AF, FC, FF, 0F, 87, ED, E7, FC, FF, E9, D7, BD, FF, FF, E9, 51, D2, FF, FF, C0, C8, 03, F8, F8, E9, 3A, 24, FD, FF, 48, 83, EF, 08, F9, 66, F7, C4, E9, 85, FF, 37, E9, 6C, AB, FC, FF, 00, 00, 4D, 6D, 4D, 61, 70, 4C, 6F, 63, 6B, 65, 64, 50, 61, 67, 65, 73, 53, 70, 65, 63, 69, 66, 79, 43, 61, 63, 68, 65, 00, E9, BC, FF, FF, FF, 25, 53, 00, 0F, 82, 52, CE, FC, FF, 0F, A3, E6, 66, F7, C4, 38, A9, 66, 0F, BA, E4, 08, F8, 48, 3B, 45, F0, E9, 56, D2, FF, FF, E9, 57, A7, FC, FF, 0F, 84, 9D, C1, FC, FF, F5...
 
[+]

Entropy:
7.8462

Packer / compiler:
Xtreme-Protector v1.05

Code size:
12 KB (12,288 bytes)

Driver
Display name:
PProtector

Type:
Kernel device driver (KernelDriver)


Scan pprotector64.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.