cprotect.exe

CProtect

Beijing AmazGame Age Internet Technology Co., Ltd.

The application cprotect.exe, “CYOU Game Protector” by Beijing AmazGame Age Internet Technology Co., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
CYOU-INC  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
CProtect

Description:
CYOU Game Protector

Version:
1, 2, 1, 0

MD5:
d8bb8c004e6129276e732dda185efe8e

SHA-1:
6844769316b404e0e2d4a9e7f114bbf20eea7e9b

SHA-256:
f8436efeec16dd860b3264434f1f0741f9a5770acfea4211e43b28a88e082b2b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/1/2024 2:00:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BeijingA

Engine version:
16.9.30.21

File size:
5.2 MB (5,471,080 bytes)

Product version:
1, 2, 1, 0

Copyright:
Copyright (c) CYOU-INC. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\warframe\downloadedcy\public\tools\changyou\cprotect.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/3/2014 8:00:00 AM

Valid to:
3/3/2017 7:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Tech Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71C0B8F7F8E7AE5DD00BF1016794A6EF

File PE Metadata
Compilation timestamp:
7/16/2015 9:14:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:1GFMuOyqlovMIE1h7hyRml8EuGlCUZ0GkBjayfpH0XObV1f9:1GOuOoq1h7R8fG1ZXkrfpH0+bTf9

Entry address:
0x9F4772

Entry point:
9C, C6, 04, 24, F1, 57, C7, 44, 24, 04, 70, 21, D5, 04, 9C, C7, 44, 24, 04, B7, 3B, 62, 74, 60, 66, C7, 44, 24, 04, 02, 12, 88, 1C, 24, 8D, 64, 24, 24, E9, A7, 7B, 04, 00, C1, 0C, 1E, 0F, 0D, 1C, 15, A6, BC, 86, 65, 87, 5E, 9B, 68, 7E, 20, DB, CD, DC, C2, D3, E1, F0, FE, EF, 9F, 27, 51, AA, D8, 23, 0D, 1C, 7C, C4, E2, F3, E6, 0A, 5F, 18, C6, D3, 97, 0D, 75, BB, 08, 42, 2B, 31, 20, 69, 2E, 8B, 95, 44, C1, 04, 6D, 54, 35, 3A, 20, D3, 02, 3B, 85, 5D, FA, B2, 90, D4, 91, FC, 42, 50, E9, 16, 35, F7, 01, 48, F6...
 

Entropy:
7.8636  (probably packed)

Code size:
395 KB (404,480 bytes)
