» easyanticheat.sys
Overview
Analysis
File Details

easyanticheat.sys

EasyAntiCheat Ltd

File name:

easyanticheat.sys

Publisher:

EasyAntiCheat Ltd (signed and verified)

MD5:

56f86c83bff18cafe6551c975ee220fc

SHA-1:

a3aa533fa5024570992f3dff25139f1df75ac6b5

SHA-256:

9b3aed108880ce0c4e5501eff8b2e713ddfa6f9854054d93d15ac27ab03dc487

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/25/2024 12:39:10 AM UTC (today)

Scan engine

Detection

Engine version

McAfee

Generic Obfuscated.c

5600.6835

Trend Micro House Call

Suspicious_GEN.F47V0122

7.2.65

File size:

459 KB (470,048 bytes)

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\easyanticheat.sys

Digital Signature

Signed by:

EasyAntiCheat Ltd

Authority:

GlobalSign nv-sa

Valid from:

4/22/2014 8:15:40 AM

Valid to:

4/17/2015 4:58:00 AM

Subject:

CN=EasyAntiCheat Ltd, O=EasyAntiCheat Ltd, L=Espoo, C=FI

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121FAEE84FA4ADDD304CD007E7E4DBF66C0

File PE Metadata

Compilation timestamp:

1/8/2015 6:40:52 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

12288:1X8SFpdF08/zy34ztNMbW5haGMBQNjLz9Kl7Ai1xo7bnsiEF:1MSFrzmOt6W5hanBQNjLz9uxo7bnsn

Entry address:

0x70007

Entry point:

E9, 25, 97, FF, FF, E9, B6, DF, FF, FF, 80, FC, 5A, E9, 0E, 44, FF, FF, 0F, 84, 9D, 5E, FF, FF, 66, 0F, AC, F6, 06, 8B, 70, 3C, E9, C1, 52, FF, FF, 00, 00, 49, 6F, 46, 72, 65, 65, 4D, 64, 6C, 00, 0F, 85, 29, 8A, FF, FF, 66, BE, 7C, FA, 0F, CE, 48, 8B, 35, 0D, A0, FF, FF, E9, 5E, 82, FF, FF, E9, AC, 85, FF, FF, 0F, 84, 45, 82, FF, FF, 66, 0F, B6, F0, E9, 5F, 95, FF, FF, CE, B4, F6, 36, 17, F4, E7, EA, 80, B9, CD, 86, BA, 93, CB, E6, 26, C6, 45, 6F, 3D, C5, 05, A6, E8, DB, 0F, 75, 77, 85, 05, 73, 14, DB, 8F... 
[+]

Entropy:

7.0115

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

50 KB (51,200 bytes)

Scan easyanticheat.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.