home

wayprotect32.sys

Btra Away Ltda - ME

It runs as a Windows kernel mode device driver named “WayProtect”.
Publisher:
Btra Away Ltda - ME  (signed and verified)

MD5:
a0c1ca3a1912a341d091477ab4bc6953

SHA-1:
c2fed29774e51af15c3ec51a116611466339d41b

SHA-256:
684d741e5d890d4aa51759eea53d08fc2c5051e200e622c0528448870d65eb53

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 7:43:03 AM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Malware-Cryptor.General.6
3.12.26.4

File size:
767.2 KB (785,640 bytes)

File type:
Driver (Win32 SYS)

Digital Signature
Signed by:
Btra Away Ltda - ME

Authority:
VeriSign, Inc.

Valid from:
3/24/2016 9:00:00 PM

Valid to:
10/16/2016 9:59:59 PM

Subject:
CN=Btra Away Ltda - ME, O=Btra Away Ltda - ME, L=Maraba, S=Para, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7174B1A630A1882CF557D67F83FB7545

File PE Metadata
Compilation timestamp:
10/5/2016 4:36:45 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
12288:WRMktn+cFcbidiuhv7M/WxCJvsJqus1RoFYcC5QBMZ6DswnXDSDCdlkm0wUDhg/I:WOkMiJZDcWAJ6ORZcCema9XDMCdlkm0/

Entry address:
0xFDA68

Entry point:
68, 7B, 75, 4E, 01, E8, 0C, B5, FE, FF, 3B, CD, 0B, F1, 40, 0F, BB, F1, 23, CF, 66, 81, FF, 1B, 45, 89, 45, 08, 8B, CA, F7, C1, 7D, 73, 18, 14, 85, EB, C1, E9, 0B, 85, F4, 66, F7, C5, B3, 6A, 3B, E1, 0F, AF, CF, 66, 85, CF, 3B, F1, E9, FE, 4E, 09, 00, 89, 45, F4, 0F, 85, FE, 1C, 00, 00, 83, 7F, 2C, 00, E9, EF, 1C, 00, 00, 00, 00, 00, 77, 63, 73, 72, 63, 68, 72, 00, 13, 48, A3, 25, C0, A1, 6D, 5C, 5A, 2E, 20, 51, 5C, DA, 9F, F1, BD, 5D, 5A, 73, 84, F5, A3, A5, 95, D4, 88, A2, A5, AF, D6, 6D, 5C, DA, 48, 07...
 
[+]

Code size:
22.5 KB (23,040 bytes)

Driver
Display name:
WayProtect

Type:
Kernel device driver (KernelDriver)


Scan wayprotect32.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.