wayprotect32.sys

Btra Away Ltda - ME

It runs as a Windows kernel-mode device driver named “WayProtect”.

Publisher:
Btra Away Ltda - ME (signed and verified)

MD5:
989179609c56dc9646f91590a5949924

SHA-1:
bc7ba6f63864506dade8c04ffd7d10c7b9f09d60

SHA-256:
1a24efeb7cc95556db16136f8addd0c3d29213dbd4a4cf157f69931b28f45e26

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/29/2024 1:53:50 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Malware-Cryptor.General.6

Engine version:
3.12.26.4

File size:
754.1 KB (772,176 bytes)

File type:
Driver (Win32 SYS)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/7/2016 10:00:00 PM

Valid to:
10/16/2016 9:59:59 PM

Subject:
CN=Btra Away Ltda - ME, O=Btra Away Ltda - ME, L=Maraba, S=Para, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4C8EFFAD508C0E801EE50F6BEA0A6B99

File PE Metadata
Compilation timestamp:
1/12/2016 7:23:45 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
12288:QADWvc2h1WZoB1phMS6+0vd3QlhPJKWrbCV9+mMXknu4z+aJ7Rhzz4vlehant0R7:QADW0m17ph76Jl3QtVa3BMXIrJVhzclA

Entry address:
0xEF6B4

Entry point:
68, 02, EA, E4, 83, E8, D9, 79, FF, FF, 60, E0, 7A, 4D, 10, DC, B5, 7A, 4D, E2, 38, 01, 85, B2, 0D, DD, 47, 85, B2, C2, 00, 35, 85, B2, CF, 6F, 79, 7A, 4D, 14, DE, 20, 7A, 4D, 30, E0, 09, 7A, 4D, 5C, 9A, FC, 85, B2, 5E, 9C, A3, 85, B2, 4A, 50, 51, D8, F4, 5A, 7A, 4D, 96, C7, 85, B2, DF, 1F, 41, 7A, 4D, 9A, DE, 7A, 4D, 5A, D2, F5, 27, A2, 89, 7A, 4D, F4, 2A, 40, 85, B2, 44, 44, 85, 85, B2, 3B, 3B, DA, 7A, 4D, 4C, 60, 85, B2, 99, 45, 9A, 85, B2, 90, 54, 66, 7A, 4D, 90, 27, 85, B2, 90, 58, EC, 7A, 4D, DD, E7...

Code size:
745 KB (762,880 bytes)

Driver
Display name:
WayProtect

Type:
Kernel device driver (KernelDriver)

