» idrivetray.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

idrivetray.exe

IBackup Express

Pro Softnet Corp

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘IDrive Tray’. This is installed with IDrive Version - 6.0.

File name:

idrivetray.exe

Publisher:

Prosoftnet Corp (signed by Pro Softnet Corp)

Product:

IBackup Express

Description:

IBackup Express Tray

Version:

3.0.0.0

MD5:

15fce646ffe0cc0df1559f65ad6c15b1

SHA-1:

d26559a02575fc7d68663d2a735487b7f6abd671

SHA-256:

9e2c9c1ca592766b7d3524ca1d38d531c7a5f427f7e52683736690a2531d6417

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 9:40:54 PM UTC (today)

File size:

922.6 KB (944,728 bytes)

Product version:

3.0.0.0

Original file name:

idrivetray.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\idrivewindows\idrivetray.exe

Digital Signature

Signed by:

Pro Softnet Corp

Authority:

Thawte, Inc.

Valid from:

3/20/2012 6:00:00 PM

Valid to:

4/17/2014 5:59:59 PM

Subject:

CN=Pro Softnet Corp, OU=IT, O=Pro Softnet Corp, L=Woodland Hills, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7536BB5002B05300C713E4371316DF83

File PE Metadata

Compilation timestamp:

10/18/2013 8:59:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:+6Pbtlg8tlZtlZtlZtl6777777777D6TUl2Sz7itllmlOvUlS:+6PEL6TUl2qO9

Entry address:

0xD9A8E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6454

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

863 KB (883,712 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

IDrive Tray

Command:

"C:\Program Files\idrivewindows\idrivetray.exe" min

The file idrivetray.exe has been discovered within the following program.

IDrive Version - 6.0 by Pro Softnet Corp

www.idrive.com

About 9% of users remove it

Scan idrivetray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.