cprotect.sys

CProtect

Beijing AmazGame Age Internet Technology Co., Ltd.

The file cprotect.sys, “CYOU Game Protector” by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
CYOU-INC  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
CProtect

Description:
CYOU Game Protector

Version:
2014.12.10.01 built by: WinDDK

MD5:
9961e4a1271b3132f5b993d374b3d57c

SHA-1:
fa2f2f46ea30295c4d38d1996caa2ecfa98d459c

SHA-256:
173a2567e9718cbd98b1b47de3269e84aca714d247f005f8bfeb50d70483f0c2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 10:49:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BeijingA

Engine version:
16.7.27.21

File size:
190.6 KB (195,192 bytes)

Product version:
1.0.0

Copyright:
Copyright (c) CYOU-INC. All rights reserved.

Original file name:
CProtect

File type:
Driver (Win32 SYS)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/3/2014 8:00:00 AM

Valid to:
3/3/2017 7:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Tech Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71C0B8F7F8E7AE5DD00BF1016794A6EF

File PE Metadata
Compilation timestamp:
7/17/2015 8:05:38 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:B5fPCDSdfgV9U8bTieEPuiqA//ILmVAqoM3lh8C+b/0e86ZIDrmJs/TpgFpGfus:B5fPPdQe8b2XPUA//Ii3oGrO/0L6aDyu

Entry address:
0x3347E

Entry point:
9C, 88, 3C, 24, 68, AA, 85, 45, CE, C7, 44, 24, 04, B8, A6, D0, AB, E8, 7C, A0, FF, FF, 0C, B8, 54, 62, ED, 78, 99, EA, 4D, 09, 9C, 6E, 3A, 1A, DA, A6, 72, 54, 67, 15, 35, DF, E1, 6F, 2D, 15, 16, B6, 80, 5E, 2C, 1E, 21, DD, AA, D2, A0, CA, 06, F8, CE, 1D, F9, 93, 8D, 2B, F0, 04, CE, 97, 86, D9, 52, 7A, 8A, 68, 30, 45, 23, ED, AF, 91, C6, 1E, D5, D3, EB, E4, 92, 75, A9, FB, 31, 4B, C7, EB, 4F, C1, 10, 23, C6, 61, 23, 8A, 25, E3, 19, 98, 2A, 28, 0D, EE, 21, CF, BD, 1E, 2E, 74, B7, A3, 18, 18, FC, 73, D6, 0E...

Entropy:
7.8395  (probably packed)

Code size:
13.5 KB (13,824 bytes)
