home

protect.sys

Waterwall Anti-Cracking Driver

Waterwall Systems Co., Ltd

It runs as a Windows kernel mode device driver named “PROTECT”.
Publisher:
WaterWall Systems  (signed by Waterwall Systems Co., Ltd)

Product:
Waterwall Anti-Cracking Driver

Description:
Anti-Cracking Driver

Version:
3,0,16,10251 built by: WinDDK

MD5:
03cad09ceca350d8154145e284412cd7

SHA-1:
f38dc668a6d580d0e90abf705cbe11f4de8f1863

SHA-256:
2f88d3a102c89a5a59c337627404003e4189582b410bcee6aa3c014a45e95c9e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 3:30:11 PM UTC  (today)

File size:
43.1 KB (44,152 bytes)

Product version:
3,0,0,0

Copyright:
Copyright (C) WaterWall Systems Co.,Ltd. All Rights Reserved.

Original file name:
protect.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\protect.sys

Digital Signature
Signed by:
Waterwall Systems Co., Ltd

Authority:
VeriSign, Inc.

Valid from:
6/7/2016 9:00:00 AM

Valid to:
8/7/2017 8:59:59 AM

Subject:
CN="Waterwall Systems Co., Ltd", O="Waterwall Systems Co., Ltd", L=Geumcheon-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5FFE74526F9CBA1C05473CE2B835008F

File PE Metadata
Compilation timestamp:
10/26/2016 6:04:30 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x603E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 16, AF, FF, FF, CC, CC, 78, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 65, 00, 00, 80, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5C, 61, 00, 00, 6C, 61, 00, 00, 76, 61, 00, 00, 80, 61, 00, 00, 96, 61, 00, 00, A6, 61, 00, 00, BC, 61, 00, 00, D6, 61, 00, 00, EA, 61, 00, 00, F6, 61, 00, 00, 04, 62, 00, 00, 20, 62, 00, 00, 30, 62, 00, 00, 48, 62, 00, 00, 60, 62, 00, 00, 76, 62, 00, 00, 8A, 62, 00, 00, 96, 62...
 
[+]

Entropy:
5.6457

Code size:
11.4 KB (11,648 bytes)

Driver
Display name:
PROTECT

Type:
Kernel device driver (KernelDriver)

Group:
Streams Drivers


Scan protect.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.