home

folderclone.exe

FolderClone

Salty Brine Software

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘folderclone’.
Publisher:
Salty Brine Software  (signed and verified)

Product:
FolderClone

Version:
2.00.0003

MD5:
5ee751d19ee2bcf91de9aeb3be6cbccd

SHA-1:
4563e12d82a45376331f5a921335a227537a9fc5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:40:12 AM UTC  (today)

File size:
789.6 KB (808,520 bytes)

Product version:
2.00.0003

Original file name:
folderclonepro.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\folderclone\folderclone.exe

Digital Signature
Signed by:
Salty Brine Software

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/30/2007 3:44:17 PM

Valid to:
11/29/2008 3:44:17 PM

Subject:
CN=Salty Brine Software, OU=Secure Application Development, O=Salty Brine Software, L=Palm Coast, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
04F5C76E5DCC156D8410AB2138DB4B67

File PE Metadata
Compilation timestamp:
1/28/2009 2:47:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/vjTUPm2rJ8u5XHnUECMotmUBllmgruQFsUGPxX+9588ZxzhJGE6jRmEp/QX:HUzh53UtmU9sjxXw88Xz7GE6FmEk

Entry address:
0x2D1B40

Entry point:
E8, 3B, FF, FF, FF, 05, E5, 05, 00, 00, FF, E0, E8, 2F, FF, FF, FF, 05, 94, 11, 00, 00, FF, E0, E8, 04, 00, 00, 00, FF, FF, FF, FF, 5E, C3, 00, F1, CD, 2C, 8B, 8F, 22, 0A, 9E, 6C, 8F, 81, 2D, 0C, F4, E5, 39, 2F, 5A, 08, 29, BA, D9, 15, 94, 6B, 31, 03, C2, 79, 82, 92, 6A, 41, 4B, 3F, 1F, 8B, 1B, 0A, ED, 80, 79, 06, 76, DC, 02, 7F, 57, A0, AE, 8A, 56, A4, 93, 43, D0, BC, 3D, EB, 72, 07, 1F, C6, 10, 95, A5, 43, FD, 32, 47, AB, 8D, FC, 71, 2A, 62, F1, 90, 95, 06, DA, 2C, 24, ED, C4, 1E, 4A, A2, CD, 2F, 8E, 79...
 
[+]

Entropy:
7.9870  (probably packed)

Code size:
1.7 MB (1,789,952 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
folderclone

Command:
C:\Program Files\folderclone\folderclone.exe


Scan folderclone.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.