home

folderclone.exe

FolderClone

Salty Brine Software

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘folderclone’.
Publisher:
Salty Brine Software  (signed and verified)

Product:
FolderClone

Version:
2.01.0001

MD5:
801917c9a5af1b003bd2dff0766f5bbf

SHA-1:
3bc05f9779ed54f8398db667578574f3065ba543

SHA-256:
605dfcdbc17ba60b8d6bd000bb71aec3361c43cd832839f0aa151b837bcb0f85

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:31:32 PM UTC  (today)

File size:
1.1 MB (1,192,344 bytes)

Product version:
2.01.0001

Original file name:
folderclonestand.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\folderclone\folderclone.exe

Digital Signature
Signed by:
Salty Brine Software

Authority:
COMODO CA Limited

Valid from:
8/10/2014 5:00:00 PM

Valid to:
8/10/2016 4:59:59 PM

Subject:
CN=Salty Brine Software, OU=Salty Brine Software, O=Salty Brine Software, STREET=PO Box 353326, STREET=Palm Coast, L=Art Araya, S=FL, PostalCode=32135, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A553424F4B641712FEBE04340D6B73FE

File PE Metadata
Compilation timestamp:
2/17/2015 4:19:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:08Yg/8xs59yfesmE0ysXPwa7Il4wTVz8vjiwFOGpGutCetIzCJiTg:06Ws+bmEVBa0O2ivdDpGutmTg

Entry address:
0x441DFE

Entry point:
E8, 3B, FF, FF, FF, 05, CD, 22, 00, 00, FF, E0, E8, 2F, FF, FF, FF, 05, B9, 0B, 00, 00, FF, E0, E8, 04, 00, 00, 00, FF, FF, FF, FF, 5E, C3, 00, 01, F3, 7A, 9F, 1B, F3, D0, AE, D1, 74, 74, 39, 7A, 2A, 0F, E4, 5B, 92, CF, 3D, B0, A8, 6E, B0, 44, 78, 43, 3F, B6, 2B, 7E, A4, AC, FB, 3E, B8, 39, 63, 84, 9A, 70, A6, F4, 9E, 8F, F0, 86, C9, E1, 69, E4, 53, 13, AB, AD, 73, 5A, E9, 8C, 64, 07, 01, 75, DC, 1C, 40, 89, 51, 1D, B1, 1D, 89, CA, BC, AF, 08, EA, AE, B4, 7F, 1C, 56, 4A, 17, 9F, 6A, F3, 79, 21, A2, EA, B8...
 
[+]

Entropy:
7.9865  (probably packed)

Code size:
2.8 MB (2,904,064 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
folderclone

Command:
C:\Program Files\folderclone\folderclone.exe


Scan folderclone.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.