wayprotect32.sys

Btra Away Ltda - ME

It runs as a Windows kernel mode device driver named “WayProtect”.
Publisher:
Btra Away Ltda - ME  (signed and verified)

MD5:
ab5f35112d75821daa7c3e01db2528e3

SHA-1:
d4044c3876ba95ec23b8b07af34ba964542285b3

SHA-256:
c65b5c4d66874404653df08f2cf166c7497714800b155acbe6cd8e26b1d30122

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/15/2024 7:19:55 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Malware-Cryptor.General.6

Engine version:
3.12.26.4

File size:
764.6 KB (782,920 bytes)

File type:
Driver (Win32 SYS)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/24/2016 9:00:00 PM

Valid to:
10/16/2016 9:59:59 PM

Subject:
CN=Btra Away Ltda - ME, O=Btra Away Ltda - ME, L=Maraba, S=Para, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7174B1A630A1882CF557D67F83FB7545

File PE Metadata
Compilation timestamp:
9/13/2016 1:53:00 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
12288:W0e9OoSw41RJ4X5hYChtW0WlS1Q3sKTo6nGz7HvKexOX4MbUQQ4W:W0ilSbMJeYs0WlORu3G/vvxOX4YQX

Entry address:
0xEA46B

Entry point:
68, 82, A4, BD, F8, E8, 87, EF, FF, FF, C2, 08, 00, 89, 45, E0, 8B, 45, 24, E9, 95, B3, 08, 00, F7, D1, 8D, 4D, F8, E9, 49, 2B, 0A, 00, 66, 89, 94, 59, C8, 01, 00, 00, 66, 03, D3, F6, DA, 0F, 44, D3, 8B, 55, C8, F9, F5, 89, 7D, C8, 66, 81, C7, 79, 3B, E9, 1B, AF, 08, 00, E9, 52, B7, 09, 00, 8B, 55, F8, F7, D1, 8B, 44, 3A, 24, 8D, 0C, 70, 66, 98, 0F, 40, C7, 0F, B7, 14, 39, 0F, 9C, C0, 66, 98, 0F, BF, C0, 8D, 43, 01, 89, 55, FC, E9, 54, 4F, 09, 00, E9, E7, B3, 08, 00, 5D, 00, 00, 00, 01, 55, 0F, AB, C5, 66...

Code size:
22.5 KB (23,040 bytes)

Driver
Display name:
WayProtect

Type:
Kernel device driver (KernelDriver)

