» cyprotectdrv32.sys
Overview
Analysis
File Details
Behaviors (1)

cyprotectdrv32.sys

CylancePROTECT

Cylance, Inc.

It runs as a Windows file system device driver named “CyProtectDrv”.

File name:

cyprotectdrv32.sys

Publisher:

Cylance, Inc. (signed and verified)

Product:

CylancePROTECT

Description:

Cylance Protect Driver

Version:

1.2.1411.19

MD5:

11b2700b7b7171be5e51a30645bba925

SHA-1:

492b3fd9a4a9defff783d310d5cb55d4c0e86907

SHA-256:

ea1ba3b53642c0c4cbf304421294583d64ddf325d39caaf5374e764323ee58f1

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/28/2024 6:55:48 PM UTC (today)

File size:

656.3 KB (672,008 bytes)

Product version:

1.2.1411.19

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\cyprotectdrv32.sys

Digital Signature

Signed by:

Cylance, Inc.

Authority:

Thawte, Inc.

Valid from:

9/28/2016 8:00:00 PM

Valid to:

9/29/2018 7:59:59 PM

Subject:

CN="Cylance, Inc.", OU=DevOps, O="Cylance, Inc.", L=Irvine, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0B3114167C6627993C9B8C972536EA72

File PE Metadata

Compilation timestamp:

3/2/2017 12:27:13 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

Entry address:

0x9D03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, BE, 38, F6, FF, CC, CC, 1C, D1, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, 94, D9, 09, 00, FC, 3B, 01, 00, 0C, D1, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, D9, 09, 00, EC, 3B, 01, 00, A0, D0, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, DE, 09, 00, 80, 3B, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1E, DE, 09, 00, 0A, DE, 09, 00, F4, DD, 09, 00, E2, DD, 09, 00, C6, DD, 09, 00, B0, DD, 09, 00, 94, DD, 09, 00, 80, DD... 
[+]

Entropy:

1.9626

Code size:

88.9 KB (91,008 bytes)

Driver

Display name:

CyProtectDrv

Description:

Cylance Protect minifilter driver

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan cyprotectdrv32.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.