wayprotect32.sys

Btra Away Ltda - ME

It runs as a Windows kernel mode device driver named “WayProtect”.

Publisher:
Btra Away Ltda - ME  (signed and verified)

MD5:
5cf08cd459642f1cb76118144630742e

SHA-1:
e5bd64a04925b135a322fd660a7b5360ed6cd4ac

SHA-256:
1da1bd2f0558416aeae896c5e6b1dc8031e591d0680281a88911a3916a8222a0

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/15/2024 7:24:15 AM UTC  (today)

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Malware-Cryptor.General.6

Engine version:
3.12.26.4

File size:
776.6 KB (795,208 bytes)

File type:
Driver (Win32 SYS)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/24/2016 9:00:00 PM

Valid to:
10/16/2016 9:59:59 PM

Subject:
CN=Btra Away Ltda - ME, O=Btra Away Ltda - ME, L=Maraba, S=Para, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7174B1A630A1882CF557D67F83FB7545

File PE Metadata
Compilation timestamp:
8/29/2016 11:01:17 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
12288:XRfFStbydgijdZ1/IvOsq1aJy841b2GLohGJFhoU3nNHxaZxRLcoeYe:BtBgq1/QOsCaJU5rLveqNHxaZ/Lte

Entry address:
0x1018A4

Entry point:
68, FF, D7, 80, FD, E8, F1, E5, FE, FF, 00, 00, 49, 6F, 41, 6C, 6C, 6F, 63, 61, 74, 65, 4D, 64, 6C, 00, 0F, 83, 14, A1, 00, 00, 8B, D1, F8, 03, FF, E9, D8, BD, 00, 00, 0F, 86, 47, CC, FF, FF, 8B, 4D, 08, 0F, 98, C7, BB, 05, 00, 00, 00, F9, 2B, D9, E9, E9, CE, FF, FF, 8B, 4F, 24, 0F, CB, 66, 0F, BC, D9, 8B, 5F, 38, 3B, CB, 0F, 83, DC, 03, FF, FF, 8B, 47, 28, E9, 74, D4, FF, FF, E8, AD, 0E, 01, 00, 8B, F0, F7, C7, 38, 47, CB, 1D, 85, F4, 3B, F7, 0F, 85, FC, EC, FF, FF, 8B, 4D, 24, F8, 83, 39, 03, E9, DE, EC...

Code size:
22.5 KB (23,040 bytes)

Driver
Display name:
WayProtect

Type:
Kernel device driver (KernelDriver)


Scan wayprotect32.sys - Powered by Reason Core Security