wayprotect32.sys

Btra Away Ltda - ME

It runs as a Windows kernel mode device driver named “WayProtect”.
Publisher:
Btra Away Ltda - ME  (signed and verified)

MD5:
d7e9c28d8766a543f6a35c875ea05505

SHA-1:
01ba405a49043458ace5d6299e195670402ea26e

SHA-256:
29c1f75f2d6a03971f42a7572d404db19dcd1648508776aa7ec188bef4698d43

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/28/2024 10:49:47 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM00.1.0000.Malware.Gen
1.0.0.1120

File size:
755.6 KB (773,712 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\muaway\wayprotect32.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/15/2015 9:00:00 PM

Valid to:
10/15/2016 8:59:59 PM

Subject:
CN=Btra Away Ltda - ME, O=Btra Away Ltda - ME, L=Maraba, S=Para, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D0F8404A5DEDB2EFC28EF44D3A50F93

File PE Metadata
Compilation timestamp:
9/26/2016 4:13:15 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
12288:PMPS/velRrj5mJ0IvhSSJ1QV/s8FXJyi7EAcDCV4UEJT6JXAQaQTwTbqs0bkF7Oh:ka06hK3VJyi728EJT6yQrAbqs0bqOxWs

Entry address:
0xEC819

Entry point:
68, 2F, CC, 4E, 49, E8, 60, BB, FF, FF, 00, 00, 00, 4D, 6D, 55, 6E, 6C, 6F, 63, 6B, 50, 61, 67, 65, 73, 00, C7, 45, F0, 00, 01, 00, 00, 66, C1, CF, 36, BF, 01, 00, 00, 00, 66, 81, FA, 73, 60, 13, C6, 8B, 45, 08, F5, 81, FA, 00, 00, 00, 01, E9, 38, B7, 08, 00, F5, 8D, 80, 6C, 0E, 00, 00, 66, 3B, D2, 83, 7F, 30, 00, E9, 37, C2, FF, FF, 0F, 85, E5, F8, FF, FF, 83, FF, 14, E9, 1E, 86, 09, 00, 00, 00, 00, 76, 73, 70, 72, 69, 6E, 74, 66, 5F, 73, 00, 89, 45, 10, E9, E2, AD, 09, 00, 00, 00, 00, 52, 74, 6C, 4C, 65...
 

Code size:
22 KB (22,528 bytes)

Driver
Display name:
WayProtect

Type:
Kernel device driver (KernelDriver)

