home

net1.exe

Wipe, Secret Disk, Prevent Restore, Safe Startup

Yury Saprykin

This is a setup and installation application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Secret Disk Maintance’. The file has been seen being downloaded from www.majorgeeks.com and multiple other hosts.
Publisher:
www.privacyroot.com  (signed by Yury Saprykin)

Product:
Wipe, Secret Disk, Prevent Restore, Safe Startup

Description:
Application Installer

Version:
2.08.0.0

MD5:
a757a2eee711ba70787feb246e3fa81d

SHA-1:
9be79ebe036df31ca3e7c6144eb03c8ce95759c3

SHA-256:
eb7a8ff7c5a2146fa9391b662fa6fb4470a9d968241893bc5640db280ad816f7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 11:35:14 PM UTC  (a few moments ago)

File size:
510.8 KB (523,032 bytes)

Product version:
2.08.0.0

Copyright:
privacyroot.com 2002 - 2016

Original file name:
NET2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\secret disk\net1.exe

Digital Signature
Signed by:
Yury Saprykin

Authority:
COMODO CA Limited

Valid from:
1/29/2016 1:00:00 AM

Valid to:
3/13/2017 12:59:59 AM

Subject:
CN=Yury Saprykin, O=Yury Saprykin, STREET=Prospekt Revolucii 25, L=Voronezh, S=VO, PostalCode=394000, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61AFA73CBCEAD0D56D29F25F7F239902

File PE Metadata
Compilation timestamp:
2/1/2016 11:12:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:6Nc+pq8/bi1hiiBGQn+DAab0fYoW/Lfp/ylRyrjYBOReqWZ5oe791KhLJ:mpAv1hiw+DAnAoW/LBKlAt5WzoeY

Entry address:
0x76A7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
467 KB (478,208 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Secret Disk Maintance

Command:
"C:\Program Files\secret disk\net1.exe" windowsstartup


The file net1.exe has been discovered within the following programs.

Secret Disk  by PrivacyRoot.com
Publisher's description - “Secret Disk can create additional disk on your PC, which can be invisible and locked with a password within one second. You can make your private files and folders invisible and protected. You don't need to format your hard disk or make any changes to boot sector.”
privacyroot.com
About 2% of users remove it
 
Powered by Should I Remove It?

The file net1.exe has been seen being distributed by the following 9 URLs.

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://secret-disk.en.softonic.com/download-tracker?th=1/.../1hqVlQuIH5Eu3TJ2LX8w1raG2iShe8FrJ9Sf9JOP5cSmdwBdyTqr0M4r7E3rkzYh38XPYJVEmqCMw11L1Vw7TgS2hafWNxSc=

http://software.thaiware.com/download_url.php?id=6742

https://privacyroot.com/software/setups/.../

http://secret-disk.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWuMAYGg202ukXToZcfA7pShq1Uc/9Qt4Tp0dDMO8WnqQD0Q0gIAfild38 V0J/.../JdsI5uXbI zY30bj6D9tLUfTMQRhN8YuWgNx5vPRfpYEMPtWFcmY5IFOs=

http://privacyroot.com/software/.../setup_secret_disk.exe

http://logirama.net/telecharger/windows/.../secret-disk.html?chk=b4bbbcab10f7cefb2e8e91e90834c61a&no_html=1

https://privacyroot.com/software/.../setup_secret_disk.exe

http://privacyroot.com/programs/.../setup_secret_disk.exe

Scan net1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.