» PwdManager.exe
Overview
Analysis
File Details
Behaviors (1)

PwdManager.exe

Password Manager XP

Pavlo Matviienko

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PasswordManagerXP’.

File name:

PwdManager.exe

Publisher:

CP Lab (signed by Pavlo Matviienko)

Product:

Password Manager XP

Version:

3.2.0.616

MD5:

a246a903654cda6ad7ac6efa56da2754

SHA-1:

0d04b7239d077e79fbc6870b5e4d9317838aa24d

SHA-256:

adf775d04329ca2bb90cf4563e432cfb112a20b8716bed787c25b8ee72913849

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 11:47:04 PM UTC (a few moments ago)

File size:

1.7 MB (1,818,448 bytes)

Product version:

3.2

Original file name:

PwdManager.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\password manager xp\pwdmanager.exe

Digital Signature

Signed by:

Pavlo Matviienko

Authority:

StartCom Ltd.

Valid from:

8/19/2012 2:39:30 PM

Valid to:

8/21/2014 9:54:15 AM

Subject:

E=pavel.matvienko@cp-lab.com, CN=Pavlo Matviienko, L=Kiev, S=Kyyiv, C=UA, Description=lPEE8tQM8d41CxsR

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0702

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x19C99A

Entry point:

E9, 3F, BA, 00, 00, 6D, 5F, 4D, 8E, 82, F0, 6C, 50, 53, 31, A4, 87, 8D, 63, 86, 2A, B0, FB, 03, 83, EC, 0C, 53, 56, 57, E8, 24, 02, 00, E9, 4E, 1A, 02, 00, E8, 0C, 58, 02, 00, D3, 1E, FE, 3A, 76, 05, 10, 95, E9, 13, B4, 02, 00, 99, 81, C6, 1B, 52, B0, F5, E9, 15, 23, 01, 00, E8, 0A, 56, FC, FF, 1E, 31, 01, 8D, 61, 05, B0, 77, E8, 79, DB, FD, FF, 57, 7C, 3A, 94, B4, 05, 80, 6C, 81, C3, 09, 37, 56, FA, 87, 1C, 24, E9, 39, 60, FC, FF, 52, 9C, E8, 19, 36, FE, FF, 3F, 81, AF, BF, AA, 50, E4, 18, 5A, 81, EA, D6... 
[+]

Entropy:

6.8601

Packer / compiler:

Xtreme-Protector v1.05

Code size:

928.5 KB (950,784 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PasswordManagerXP

Command:

"C:\Program Files\password manager xp\pwdmanager.exe" \min

Scan PwdManager.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.