ezimage64.sys

Windows Codename Longhorn DDK driver

Data Protection Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The file ezimage64.sys, “Filter Driver for DPS EzBackup” by Data Protection Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Windows (R) Codename Longhorn DDK provider (signed by Data Protection Solutions)

Product:
Windows (R) Codename Longhorn DDK driver

Description:
Filter Driver for DPS EzBackup

Version:
6.0.6001.18000 built by: WinDDK

MD5:
11b2d23278990812e36c94ee9743a8d1

SHA-1:
69ab7a424ad08b9877fdb1d3753233c40ca6de35

SHA-256:
2ee78a3fe1ac1e2ca2b68139bd472f763d2508c356aeb71a7326d2495e6bbdbe

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/28/2024 1:10:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt (M)

Engine version:
16.10.10.9

File size:
16.3 KB (16,720 bytes)

Product version:
6.0.6001.18000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
genfilt:

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Program Files\dps\ezmigration\ezimage64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/1/2008 8:00:00 PM

Valid to:
6/2/2009 7:59:59 PM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
159A19A368DB3EB7BD8ACFE64404B398

File PE Metadata
Compilation timestamp:
6/23/2008 3:57:46 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
192:HoajHYF++Kuuo8CvfVZvcOfeYPwF8dZhJz8Issws7BuZMjGwP76MR+k+ebMQkZg/:IajHYFrkO2Po76Wkvc+6bO6jj

Entry address:
0x6008

Entry point:
48, 8B, 05, F1, E0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, E0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, E0, FF, FF, 48, F7, D0, 48, 89, 05, AC, E0, FF, FF, E9, DF, B1, FF, FF, CC, CC, CC, 90, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 63, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.7464

Code size:
8 KB (8,192 bytes)
