ezimage_2003_x86.sys

EzImage Driver

Data Protection Solutions

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser, modify the browser's normal behavior, and modify the system settings that control which applications run at startup. It belongs to the Injekt brand of unwanted programs. The file ezimage_2003_x86.sys by Data Protection Solutions has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Data Protection Solutions by Arco (signed by Data Protection Solutions)

Product:
EzImage Driver

Version:
1.0.0.31

MD5:
92205ee40ebefad949344b62c14aae79

SHA-1:
af956519700811858ee3c7599eb9a0fb6927df3b

SHA-256:
9f4ece0a2546c725595a13bc20b096ef6726d301061ce08c619266d81316c9c5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/19/2024 3:42:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.DataProtectionSolutions (M)

Engine version:
15.11.3.8

File size:
19.7 KB (20,184 bytes)

Product version:
1.0.0.31

Copyright:
Copyright (C) 2001-2014

Trademarks:
EzBackup

Original file name:
EzImage.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Program Files\dps\ezmigration\system32\x86\ezimage_2003_x86.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/2/2013 8:00:00 PM

Valid to:
7/3/2014 7:59:59 PM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
66B3620DADFD6713A3565EBB7548E362

File PE Metadata
Compilation timestamp:
1/28/2014 6:59:41 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:QTcp149t+R/Y+/fKpNQ+G+UMxnYPLT+8gUHeMCo1kZ3:M9t+RwsSk+GhMxw5kh

Entry address:
0x503E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, C2, BF, FF, FF, CC, CC, 78, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 53, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, EC, 50, 00, 00, 0E, 51, 00, 00, 1A, 51, 00, 00, 2C, 51, 00, 00, 44, 51, 00, 00, 58, 51, 00, 00, 6A, 51, 00, 00, 82, 51, 00, 00, A0, 51, 00, 00, AA, 51, 00, 00, B8, 51, 00, 00, D0, 51, 00, 00, E0, 51, 00, 00, EC, 51, 00, 00, 02, 52, 00, 00, 22, 52, 00, 00, 2C, 52, 00, 00, 40, 52...

Entropy:
6.5309

Code size:
8.5 KB (8,704 bytes)
