» id_bglaunch.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

id_bglaunch.exe

IDrive

Pro Softnet Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IDrive Background process’. This is installed with IDrive Version - 6.0.

File name:

id_bglaunch.exe

Publisher:

Prosoftnet (signed by Pro Softnet Corporation)

Product:

IDrive

Description:

IDrive Background

Version:

6.1.0.9

MD5:

461f7a15c5c98df7b7e36852cf460ee9

SHA-1:

ac9045feb0104117713e18349801a672a515544e

SHA-256:

d48215fddb476e7798b92564f6e8f29d0c404fc81cb9c0de2d710f901bba4304

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 8:20:54 PM UTC (today)

File size:

65 KB (66,592 bytes)

Product version:

6.1.0.9

Original file name:

id_bglaunch.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\idrivewindows\id_bglaunch.exe

Digital Signature

Signed by:

Pro Softnet Corporation

Authority:

Thawte, Inc.

Valid from:

2/13/2014 7:00:00 PM

Valid to:

2/14/2016 6:59:59 PM

Subject:

CN=Pro Softnet Corporation, OU=IT, O=Pro Softnet Corporation, L=Calabasas, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

68A7A5C7BD2B769D46DD66EE575B8C68

File PE Metadata

Compilation timestamp:

6/3/2014 9:51:42 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:/md9H9QbZDxBmNPXreYBASer59DfcARax/fll:k9HKrENPDBASeXTcAApll

Entry address:

0x3AAE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.8006

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

7 KB (7,168 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

IDrive Background process

Command:

"C:\Program Files\idrivewindows\id_bglaunch.exe"

The file id_bglaunch.exe has been discovered within the following program.

IDrive Version - 6.0 by Pro Softnet Corp

www.idrive.com

About 9% of users remove it

Scan id_bglaunch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.