» ShadowProtectSvc.exe
Overview
Analysis
File Details
Behaviors (1)

ShadowProtectSvc.exe

ShadowProtect

StorageCraft Technology Corporation

It runs as a separate (within the context of its own process) windows Service named “ShadowProtect Service”.

File name:

Publisher:

StorageCraft Technology Corporation (signed and verified)

Product:

ShadowProtect (TM)

Description:

ShadowProtect Backup Agent

Version:

4.0.5.0

MD5:

15a4342b31c0d334ae8ad19399feea96

SHA-1:

0374a9de41bf5527d83abe727d2e3727f816029b

SHA-256:

3385a8d4610f9a9a905c844fdf78118272c60d46672b1bee0597d3b62c96e2b3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 4:24:36 AM UTC (today)

File size:

3.5 MB (3,631,648 bytes)

Product version:

4.0.5.7906

Original file name:

ShadowProtectSvc.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\storagecraft\shadowprotect\shadowprotectsvc.exe

Digital Signature

Signed by:

StorageCraft Technology Corporation

Authority:

VeriSign, Inc.

Valid from:

1/21/2008 11:00:00 AM

Valid to:

1/21/2011 10:59:59 AM

Subject:

CN=StorageCraft Technology Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=StorageCraft Technology Corporation, L=Draper, S=Utah, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1749DFDF6A98C67032147AB922F0690E

File PE Metadata

Compilation timestamp:

12/14/2010 9:29:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

83.82

CTPH (ssdeep):

49152:GrBW9slz3mZhU+NHhwoRPQBbTOMMUY6fSGzdaHg/kspAALSWaenzjXAoA++Qa:GzYtyoceNUhfSGzd99AAGyHAD

Entry address:

0x49B000

Entry point:

60, E8, 00, 00, 00, 00, 5D, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB... 
[+]

Entropy:

7.4076

Packer / compiler:

ASPack v1.08.04

Code size:

316 KB (323,584 bytes)

Service

Display name:

ShadowProtect Service

Service name:

ShadowProtectSvc

Description:

ShadowProtect Service schedules backup tasks remotely. For more details visit www.storagecraft.com

Type:

Win32OwnProcess

Depends on:

RPCSS vds

Scan ShadowProtectSvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.