ezimage64.sys

EzImage Driver

Data Protection Solutions

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and modify the computer's system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The file ezimage64.sys by Data Protection Solutions has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel-mode device driver named “DPS EzImage”.
Publisher:
Data Protection Solutions by Arco (signed by Data Protection Solutions)

Product:
EzImage Driver

Version:
1.0.0.31

MD5:
a87b2fac93a0a801b3e2d6e1766b95b2

SHA-1:
67e5410afd52c3dec8997eea688acb9433ed821d

SHA-256:
0f574b5428b42e35a0683dd0ddde217bc5515ae875b4a1680bd0b06fa8ce6651

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/27/2024 3:28:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DataProtectionSolutions.M

Engine version:
14.9.15.16

File size:
21.7 KB (22,232 bytes)

Product version:
1.0.0.31

Copyright:
Copyright (C) 2001-2014

Trademarks:
EzBackup

Original file name:
EzImage.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ezimage64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/2/2013 7:00:00 PM

Valid to:
7/3/2014 6:59:59 PM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
66B3620DADFD6713A3565EBB7548E362

File PE Metadata
Compilation timestamp:
1/28/2014 6:00:11 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:ab2qiihrMVk7qpiY00+kLM+XnYPLT+8gUHeMma:ab2Aok7q0BV0M6wUa

Entry address:
0x7064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, AE, A2, FF, FF, CC, CC, B0, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8E, 73, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, 71, 00, 00, 00, 00, 00, 00, A0, 71, 00, 00, 00, 00, 00, 00, C0, 71, 00, 00, 00, 00, 00, 00, D4, 71, 00, 00, 00, 00, 00, 00, F6, 71, 00, 00, 00, 00, 00, 00, 0A, 72, 00, 00, 00, 00, 00, 00, 22, 72, 00, 00...

Entropy:
6.3514

Code size:
10.5 KB (10,752 bytes)

Driver
Display name:
DPS EzImage

Service name:
EzImage

Type:
Kernel device driver (KernelDriver)


Remove ezimage64.sys - Powered by Reason Core Security