» plexvault.exe
Overview
Analysis
File Details
Behaviors (1)

plexvault.exe

Lite-On Technology Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PlexVault’.

File name:

plexvault.exe

Publisher:

Lite-On Technology Corporation (signed and verified)

MD5:

9007483eb0929ec746f8737dbc6331f5

SHA-1:

04efc598101b109d0a1b6a0d6c2ccc0e81d321bd

SHA-256:

bf0939081aab0d3caa570627cc4821f896ba9f8b4256318faca899b9e2007843

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 9:55:23 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW64.packed

1.3.0.8042

File size:

4.2 MB (4,393,576 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\plexvault\plexvault.exe

Digital Signature

Signed by:

Lite-On Technology Corporation

Authority:

VeriSign, Inc.

Valid from:

7/24/2015 2:00:00 AM

Valid to:

9/15/2016 1:59:59 AM

Subject:

CN=Lite-On Technology Corporation, O=Lite-On Technology Corporation, L=Hsinchu, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

38A6B946724226498C48291D33CFCDD3

File PE Metadata

Compilation timestamp:

1/13/2016 9:20:27 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

98304:HPFihktN0A0AZ4lBkCOXdWyCYhUJ0cYoa0+TQHYr6mZ:HNgk4FECEdWyCYhuSi+MDC

Entry address:

0x8014

Entry point:

48, 83, EC, 28, E8, 83, 08, 00, 00, 48, 83, C4, 28, E9, 22, FE, FF, FF, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 33, C9, FF, 15, CF, 93, 04, 00, 48, 8B, CB, FF, 15, BE, 93, 04, 00, FF, 15, C0, 90, 04, 00, 48, 8B, C8, BA, 09, 04, 00, C0, 48, 83, C4, 20, 5B, 48, FF, 25, B4, 93, 04, 00, 48, 89, 4C, 24, 08, 48, 83, EC, 38, B9, 17, 00, 00, 00, E8, A1, 76, 04, 00, 85, C0, 74, 07, B9, 02, 00, 00, 00, CD, 29, 48, 8D, 0D, 2F, 0D, 06, 00, E8, DA, 02, 00, 00, 48, 8B, 44, 24, 38, 48, 89, 05, 16, 0E, 06, 00, 48, 8D... 
[+]

Code size:

317.5 KB (325,120 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PlexVault

Command:

C:\Program Files\plexvault\plexvault.exe

Scan plexvault.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.