» DefragExpress.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

DefragExpress.exe

DefragExpress

DiskTrix Inc

This file is installed with the program DefragExpress!.

File name:

DefragExpress.exe

Publisher:

DiskTrix (signed by DiskTrix Inc)

Product:

DefragExpress

Version:

0, 0, 1, 46

MD5:

52ea9758ff70d913776ded8353ca6d4d

SHA-1:

0ff5b5836214a2800f5512b9b12694e1cc584549

SHA-256:

1046ef607e391ba26fa8109b320cfb9c8e315a069d0550e7ed65644a9b065c99

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 7:14:00 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.MulDrop5.1016

9.0.1.05190

File size:

1.8 MB (1,908,048 bytes)

Product version:

0, 0, 1, 46

Original file name:

DefragExpress.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\disktrix\defragexpress\defragexpress.exe

Digital Signature

Signed by:

DiskTrix Inc

Authority:

VeriSign, Inc.

Valid from:

5/19/2008 4:30:00 AM

Valid to:

5/20/2009 4:29:59 AM

Subject:

CN=DiskTrix Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DiskTrix Inc, L=Surfside Beach, S=SouthCarolina, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7CA954EB874B1F80C7EA073A9D5A26A4

File PE Metadata

Compilation timestamp:

3/26/2009 8:14:06 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:Q5qVvF8LRf0z0JXY6dQVPOiefP4X6T35xFKwBdMKSEZETKrdU6LZc81kNZw1zJmN:tRFMB0zDwf26TYwBdMKSW74amXValwX

Entry address:

0xF3030

Entry point:

50, 60, 29, C0, 64, FF, 30, E8, 00, 00, 00, 00, 5D, 83, ED, 3C, 89, E8, 89, A5, 14, 00, 00, 00, 2B, 85, 1C, 00, 00, 00, 89, 85, 1C, 00, 00, 00, 8D, 85, 27, 03, 00, 00, 50, 8B, 00, 85, C0, 0F, 85, C0, 00, 00, 00, 8D, BD, 5B, 03, 00, 00, 8D, B5, 43, 03, 00, 00, E8, DD, 00, 00, 00, 89, 85, 1F, 03, 00, 00, 6A, 40, 68, 00, 10, 00, 00, 8B, 85, 28, 00, 00, 00, 50, 6A, 00, FF, 95, 1F, 03, 00, 00, 85, C0, 75, 0B, 8D, 85, C7, 02, 00, 00, E8, CD, 00, 00, 00, 89, 85, 23, 03, 00, 00, B9, 28, 00, 00, 00, 01, E9, 51, 50... 
[+]

Entropy:

6.5410

Packer / compiler:

Protection Plus

Code size:

648 KB (663,552 bytes)

Windows Firewall Allowed Program

Name:

defragexpress

The file DefragExpress.exe has been discovered within the following program.

DefragExpress! by DiskTrix Inc

www.disktrix.com

About 8% of users remove it

Scan DefragExpress.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.