» CloudBerryDriveTray.exe
Overview
Analysis
File Details
Behaviors (1)

CloudBerryDriveTray.exe

CloudBerry Drive

TRICHILIA CONSULTANTS LIMITED

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CloudBerry Drive’.

File name:

Publisher:

CloudBerry Lab (signed by TRICHILIA CONSULTANTS LIMITED)

Product:

CloudBerry Drive

Description:

CloudBerry Drive TrayApp

Version:

1.3.0.18

MD5:

2a3a6f08425f78ca87992b82f58ebf26

SHA-1:

232d99048c0ce870575324dddbc07e24f2604211

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 1:10:25 AM UTC (today)

File size:

348.1 KB (356,480 bytes)

Product version:

1.3.0.18

Original file name:

CloudBerryDriveTray.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\cloudberrylab\cloudberry drive\cloudberrydrivetray.exe

Digital Signature

Signed by:

TRICHILIA CONSULTANTS LIMITED

Authority:

COMODO CA Limited

Valid from:

11/3/2011 5:00:00 PM

Valid to:

11/3/2014 3:59:59 PM

Subject:

CN=TRICHILIA CONSULTANTS LIMITED, O=TRICHILIA CONSULTANTS LIMITED, STREET="Lampousas, 1", L=Nicosia, S=Nicosia, PostalCode=1095, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DE56BC28E3D72407BAD9A982F3971CC0

File PE Metadata

Compilation timestamp:

4/24/2014 8:57:43 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:eaQ1TxTuRbp/v9Eqwen2Ndko5RlsL6GFvvaQpdu4RTMRlB:eDTuFv9E02z/5RiL6GUQbYrB

Entry address:

0xF3EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 78, 00, 00, 80, 10, 00, 00, 00, 90, 00, 00, 80, 18, 00, 00, 00, A8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 07, 00, 02, 00, 00, 00, C0, 00, 00, 80, 03, 00, 00, 00, D8, 00, 00, 80, 04, 00, 00, 00, F0, 00, 00, 80, 05, 00, 00, 00, 08, 01, 00, 80, 06, 00, 00, 00, 20, 01, 00, 80, 07, 00, 00, 00, 38, 01... 
[+]

Entropy:

4.3682

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

53 KB (54,272 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

CloudBerry Drive

Command:

C:\Program Files\cloudberrylab\cloudberry drive\cloudberrydrivetray.exe

Scan CloudBerryDriveTray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.