» PwdManager.exe
Overview
Analysis
File Details
Behaviors (1)

PwdManager.exe

Password Manager XP

Pavlo Matviienko

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PasswordManagerXP’.

File name:

PwdManager.exe

Publisher:

CP Lab (signed by Pavlo Matviienko)

Product:

Password Manager XP

Description:

Password Manager XP application

Version:

3.1.0.599

MD5:

f7c416b7af9edfa48b59675dedb1fb90

SHA-1:

a2604aad3f6a8cda84982ae0d005e681e4aa1aab

SHA-256:

06244fbb3725216692396322d8c3cf0594b2b426b27876c7cf39e28c2a24fa95

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 11:21:07 AM UTC (today)

File size:

1.7 MB (1,759,432 bytes)

Product version:

3.1

Original file name:

PwdManager.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\password manager xp\pwdmanager.exe

Digital Signature

Signed by:

Pavlo Matviienko

Authority:

StartCom Ltd.

Valid from:

8/19/2012 2:39:30 PM

Valid to:

8/21/2014 9:54:15 AM

Subject:

E=pavel.matvienko@cp-lab.com, CN=Pavlo Matviienko, L=Kiev, S=Kyyiv, C=UA, Description=lPEE8tQM8d41CxsR

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0702

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x152C98

Entry point:

E9, C3, F7, 02, 00, 65, B2, 17, 73, CB, 99, BA, 36, 94, F9, A1, 7C, 21, C3, 5C, 26, 3D, A5, D9, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 07, 77, 03, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 70, 75, 8C, 8B, 1E, 83, EE, FC, E9, A9, 50, 02, 00, E9, A1, 86, 05, 00, 9C, E8, EC, D9, F2, FF, 99, 86, 14, 73, 59, 49, C3, 8D, 58, 81, E8, 6C, C4, DF, CE, 81, F0, 4C, 65, 0A, 4E, 03, C5, E8, FE, 90, 00, 00, FB, 3F, BB, DE, 86, 05, C0, A2, 87, D8, E8, EF... 
[+]

Entropy:

6.8372

Packer / compiler:

Xtreme-Protector v1.05

Code size:

915 KB (936,960 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PasswordManagerXP

Command:

"C:\Program Files\password manager xp\pwdmanager.exe" \min

Scan PwdManager.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.