home

IDrvieEStartup.exe

IDrive

Pro Softnet Corp

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘IDriveE Startup’.
Publisher:
Pro Softnet Corporation  (signed by Pro Softnet Corp)

Product:
IDrive

Version:
3.03.0001

MD5:
1a49c99382f7193bbff32f39c521e7f8

SHA-1:
6d2ced577f4069ee7cbcc3c1a8be1aabf38cadf0

SHA-256:
c784af58ed6d7b019f5eb9ea3de91de6ed722d5a9ba9b397f11197765255debf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 6:14:28 AM UTC  (today)

File size:
173.5 KB (177,616 bytes)

Product version:
3.03.0001

Copyright:
Copyright (C) 1999-2009 Pro Softnet Corporation

Original file name:
IDrvieEStartup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Pro Softnet Corp

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/22/2008 12:00:00 AM

Valid to:
4/19/2010 12:59:59 AM

Subject:
CN=Pro Softnet Corp, OU=IBACKUP, O=Pro Softnet Corp, L=Woodland Hills, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
44D63956228188E35356267B3B775F4C

File PE Metadata
Compilation timestamp:
2/8/2010 9:13:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:rtFmXMgAc3sm5YYVYNSa/bSRL3GdwfjmHplmbVbRi3qb+bGnLn8+vJm50Xx55F7V:hFwv8KYYVYNSa/ORL3GMj0poVbRwqGGL

Entry address:
0x353C

Entry point:
68, DC, 35, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 0C, 27, 11, 15, AD, 7D, 2D, 49, 9B, 26, 0A, 17, FF, F8, 2C, 78, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 49, 44, 72, 69, 76, 65, 45, 53, 74, 61, 72, 74, 75, 70, 00, 00, 00, 00, 00, 00, 50, 00, 00, 00, 0A, CD, 98, FD, 5C, E0, 41, 48, A9, A4, E0, 6A, 2B, 6D, 5D, BD, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.5542

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
156 KB (159,744 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IDriveE Startup

Command:
"C:\idrive\idrvieestartup.exe" hide


Scan IDrvieEStartup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.