home

idwbg_501.exe

IDrive for Windows

Pro Softnet Corp

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘IDrive Background process’.
Publisher:
Pro Softnet Corporation  (signed by Pro Softnet Corp)

Product:
IDrive for Windows

Version:
5.00.0001

MD5:
63b120c81a8522e9b4d058a25d099974

SHA-1:
aac50f48c75778df20b624ff96a4350828ae7ca7

SHA-256:
63c679fb09879914aa6074d33c91368254792536f56e3e809e2697ba06e8acd7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 5:04:45 AM UTC  (today)

File size:
42.1 KB (43,152 bytes)

Product version:
5.00.0001

Copyright:
(C) Copyright Pro Softnet Corporation.

Original file name:
idwbg_501.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\idrivewindows\idwbg_501.exe

Digital Signature
Signed by:
Pro Softnet Corp

Authority:
Thawte, Inc.

Valid from:
3/20/2012 8:00:00 PM

Valid to:
4/17/2014 7:59:59 PM

Subject:
CN=Pro Softnet Corp, OU=IT, O=Pro Softnet Corp, L=Woodland Hills, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7536BB5002B05300C713E4371316DF83

File PE Metadata
Compilation timestamp:
4/25/2012 2:41:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:XNjDIvceZxJvfqJvcJ10L7Vmr6L5e4LuUXoV:XN2pxJvCJvG103o2LRD0

Entry address:
0x173C

Entry point:
68, 94, 18, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, AE, D6, 62, 0A, A6, EC, 9D, 4E, A0, DE, C7, C0, 4A, F6, 31, 25, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 68, BB, FC, 00, 69, 64, 77, 62, 67, 00, FC, 00, 00, 00, 00, 00, 50, 00, 00, 00, 0B, 16, 9E, E8, B7, 88, F0, 41, 8E, 07, FD, 2D, B4, D8, B3, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.9640

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
24 KB (24,576 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IDrive Background process

Command:
"C:\Program Files\idrivewindows\idwbg_501.exe"


Scan idwbg_501.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.