home

cprotect64.sys

CProtect

Beijing AmazGame Age Internet Technology Co., Ltd.

The file cprotect64.sys, “CYOU Game Protector” by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel mode device driver named “CYouProtect”.
Publisher:
CYOU-INC  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
CProtect

Description:
CYOU Game Protector

Version:
2014.12.10.01 built by: WinDDK

MD5:
de3b11a391ebb96767ba823f1cb9ce0f

SHA-1:
763b4298ad11d545e7c99efdda37b6bc981a851b

SHA-256:
f5d845becc8e8f6446bfc2771bfb466862809a022230516d371750c51a75e2e4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/1/2024 10:13:42 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.BeijingA
16.8.5.9

File size:
249.8 KB (255,776 bytes)

Product version:
1.0.0

Copyright:
Copyright (c) CYOU-INC. All rights reserved.

Original file name:
CProtect

File type:
Driver (Win64 SYS)

Digital Signature
Signed by:
Beijing AmazGame Age Internet Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/3/2014 8:00:00 AM

Valid to:
3/3/2017 7:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Tech Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71C0B8F7F8E7AE5DD00BF1016794A6EF

File PE Metadata
Compilation timestamp:
8/17/2015 11:17:24 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:ZCG7kZn7b8fZqgl4s3oPSh+TPYpLPRJu8dlFSXWG92e5ABaXd8q9:a5+3o8+qZJu8XsXWyxOM

Entry address:
0x41343

Entry point:
E9, AF, 0C, 03, 00, BC, 32, 03, 9C, 6C, F3, 5D, E1, 5B, 5A, 95, 28, D5, AD, 02, 4B, BE, 28, C2, 79, D9, 4D, 1B, 6C, 70, 30, 0A, 0C, FD, 59, 1F, F0, 1A, 52, 0D, 02, B1, 99, 04, 8C, ED, 8B, 84, 08, CC, 53, 17, C4, 40, E0, D2, 7A, DF, 84, 58, CB, 9F, 14, 3F, DD, 98, 68, 20, F9, 9F, 79, 73, 0E, B6, AD, 6C, 27, E4, A7, A1, 15, 73, 82, 05, 90, 21, 26, C3, EA, E7, 48, 81, BC, 4D, CD, 5A, ED, 06, F9, 3A, 7D, 56, 30, 62, 03, 0E, 57, BA, F3, BB, 65, 49, EB, B7, 97, 68, 3E, 2E, C7, E1, 2D, 13, D3, FE, 30, 01, 19, 8B...
 
[+]

Entropy:
7.8134

Packer / compiler:
Xtreme-Protector v1.05

Code size:
12 KB (12,288 bytes)

Driver
Display name:
CYouProtect

Type:
Kernel device driver (KernelDriver)


Remove cprotect64.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.