home

CacheRestore.exe

HD革命/DISK Mirror

Ark Information Systems inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CacheRestore Startup’.
Publisher:
株式会社アーク情報システム  (signed by Ark Information Systems inc.)

Product:
HD革命/DISK Mirror

Description:
HD革命/DISK Mirror - 同期監視アプリケーション

Version:
3.0.0.0

MD5:
6571354fe2b8d54ec7fa9aaf9c51921c

SHA-1:
6c96ea4a363fc05c8a386b1705cfcc6c4b0cac86

SHA-256:
f59e9806cc82f3a5d75d8facbce30d666837f4948efc780b38f00f088944f278

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 4:09:31 PM UTC  (today)

File size:
405.4 KB (415,144 bytes)

Product version:
3.0.0.0

Copyright:
Copyright (C) 2008-2011 株式会社アーク情報システム

Trademarks:
HD革命(R)

Original file name:
CacheRestore.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ark information systems inc\diskmirror3\cacherestore.exe

Digital Signature
Signed by:
Ark Information Systems inc.

Authority:
VeriSign, Inc.

Valid from:
7/8/2010 9:00:00 AM

Valid to:
7/9/2011 8:59:59 AM

Subject:
CN=Ark Information Systems inc., OU=KH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ark Information Systems inc., L=Chiyoda-Ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
629D4947F1EEDCB9967825F31F31DB6D

File PE Metadata
Compilation timestamp:
5/13/2011 7:37:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:kPkfH9iAf7DHGBYc0cfekNMmN84FbEj3SLWwAmNOR:kU7iYc3flNdFbGdR

Entry address:
0x21073

Entry point:
E8, 49, 88, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, DD, 10, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, B7, 22, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D, 00, 00, 00, 00...
 
[+]

Entropy:
6.3138

Code size:
212 KB (217,088 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CacheRestore Startup

Command:
C:\Program Files\ark information systems inc\diskmirror3\cacherestore.exe


Scan CacheRestore.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.