» RME.exe
Overview
Analysis
File Details
Behaviors (1)

RME.exe

CE-Infosys GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Removable Media Utility’.

File name:

RME.exe

Publisher:

CE-Infosys (signed by CE-Infosys GmbH)

Description:

Removable Media Encryption

Version:

1, 7, 5, 0

MD5:

c0476c275ac59d73c0dbf883b7e5138c

SHA-1:

dba7c3800dded32586828bba7734ae4f1fab06c8

SHA-256:

b5a48c3dc259376f43819711cb7e450419944d8b7190c8efc04f4259ee37d34a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 5:35:29 AM UTC (today)

File size:

774.1 KB (792,640 bytes)

Product version:

0, 0, 0, 0

Original file name:

RME.exe

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\ce-infosys\compusec\rme.exe

Digital Signature

Signed by:

CE-Infosys GmbH

Authority:

GlobalSign nv-sa

Valid from:

11/27/2012 2:53:16 AM

Valid to:

2/19/2015 11:25:03 PM

Subject:

E=info@ce-infosys.com, CN=CE-Infosys GmbH, O=CE-Infosys GmbH, L=Bodenheim, S=Rheinland-Pfalz, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B8A966C153B39D96B6902AFEF2237F77

File PE Metadata

Compilation timestamp:

9/4/2009 5:20:23 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

Entry address:

0x485B0

Entry point:

48, 83, EC, 28, E8, B7, C8, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 38, 48, C7, 44, 24, 20, 00, 00, 00, 00, E8, 4E, C9, 00, 00, 48, 83, C4, 38, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 8B, C1, 0F, B7, 10, 48, 83, C0, 02, 66, 85, D2, 75, F4, 48, 2B, C1, 48, D1, F8, 48, 83, E8, 01, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 66, 90, 66, 66, 66, 90, 66, 90, 48, 8B, C1, 48, F7, D9, 48, A9, 07, 00, 00, 00, 74, 0F, 66, 90... 
[+]

Entropy:

6.4322

Code size:

386 KB (395,264 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Removable Media Utility

Command:

C:\Program Files\ce-infosys\compusec\rme.exe

Scan RME.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.