Ext2Mgr.exe

Ext2 Volume Manager for Windows

Suzhou Ind. Park ShiSuanKeJi Co., Ltd.

It runs as a Windows service named “Ext2 Volume Manger”. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) with the name ‘Ext2 Volume Manager’.

Publisher:
Ext2Fsd Group (www.ext2fsd.com)  (signed by Suzhou Ind. Park ShiSuanKeJi Co., Ltd.)

Product:
Ext2 Volume Manager for Windows

Version:
2, 4, 7, 1

MD5:
de607da68d80192176bc0319bef03af3

SHA-1:
fbe155f8d16d037e0b0badeda3288de0344840b4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:14:17 PM UTC

File size:
1.2 MB (1,216,648 bytes)

Product version:
2, 4, 7, 1

Copyright:
Copyright (C) 2009 Ext2Fsd Group

Original file name:
Ext2Mgr.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\ext2mgr.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/6/2009 6:56:35 AM

Valid to:
7/6/2010 6:56:35 AM

Subject:
E=support@winmount.com, CN="Suzhou Ind. Park ShiSuanKeJi Co., Ltd.", O="Suzhou Ind. Park ShiSuanKeJi Co., Ltd.", C=CN

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001224E6689D6

File PE Metadata
Compilation timestamp:
7/30/2009 2:20:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:AJFIpv79LLnQZY4ZrZkpptpp4hRzzzdzzzNB/b/zTzITyz2L:mZYkzzzdzzzbzTzITy2L

Entry address:
0x195FC

Entry point:
6A, 70, 68, 28, D4, 41, 00, E8, 08, 02, 00, 00, 33, DB, 89, 5D, FC, 8D, 45, 80, 50, FF, 15, 80, B0, 41, 00, 83, CF, FF, 89, 7D, FC, 66, 81, 3D, 00, 00, 40, 00, 4D, 5A, 75, 27, A1, 3C, 00, 40, 00, 8D, 80, 00, 00, 40, 00, 81, 38, 50, 45, 00, 00, 75, 14, 0F, B7, 48, 18, 81, F9, 0B, 01, 00, 00, 74, 20, 81, F9, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B8, 84, 00, 00, 00, 0E, 76, F2, 33, C9, 39, 98, F8, 00, 00, 00, EB, 0E, 83, 78, 74, 0E, 76, E2, 33, C9, 39, 98, E8, 00, 00, 00, 0F, 95, C1, 89, 4D, E4, C7...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
104 KB (106,496 bytes)

Service
Display name:
Ext2 Volume Manger

Service name:
Ext2Mgr

Type:
Win32OwnProcess, InteractiveProcess


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Ext2 Volume Manager

Command:
"C:\Program Files\ext2fsd\ext2mgr.exe" -quiet

