» id_bglaunch.exe
Overview
Analysis
File Details
Behaviors (1)

id_bglaunch.exe

IDrive

Pro Softnet Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IDrive Background process’.

File name:

id_bglaunch.exe

Publisher:

Prosoftnet (signed by Pro Softnet Corporation)

Product:

IDrive

Description:

IDrive Background

Version:

6.4.0.5

MD5:

220635348d51c000fbc876594b19aacb

SHA-1:

5a519f41e0d4c757805059c0d7bb0ab70e10fe3c

SHA-256:

10439622b0226bbe6a282ed758a48981325cacc3337ba85210786638e1fbded9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 3:31:06 AM UTC (today)

File size:

70.5 KB (72,224 bytes)

Product version:

6.4.0.5

Original file name:

id_bglaunch.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\idrivewindows\id_bglaunch.exe

Digital Signature

Signed by:

Pro Softnet Corporation

Authority:

Thawte, Inc.

Valid from:

2/14/2014 1:00:00 AM

Valid to:

2/15/2016 12:59:59 AM

Subject:

CN=Pro Softnet Corporation, OU=IT, O=Pro Softnet Corporation, L=Calabasas, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

68A7A5C7BD2B769D46DD66EE575B8C68

File PE Metadata

Compilation timestamp:

8/21/2015 3:01:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:LGYT9bZANQbZDxBmNPXreYBASer59DfcARax/flTp:ya9e6rENPDBASeXTcAApl1

Entry address:

0x51DE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 88, 00, 00, 80, 10, 00, 00, 00, A0, 00, 00, 80, 18, 00, 00, 00, B8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, 00, 02, 00, 00, 00, D0, 00, 00, 80, 03, 00, 00, 00, E8, 00, 00, 80, 04, 00, 00, 00, 00, 01, 00, 80, 05, 00, 00, 00, 18, 01... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

12.5 KB (12,800 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

IDrive Background process

Command:

"C:\Program Files\idrivewindows\id_bglaunch.exe" min

Scan id_bglaunch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.