usbflashcopy1.6full.exe

Imposant

It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘USBFlashCopy’.
Publisher:
Imposant  (signed and verified)

MD5:
501e7b4eb846b90f0fec21980aed35d7

SHA-1:
775e1729192441b4637de470b6546e3b08e92db5

SHA-256:
106c9984c8c038b42a1be9c3ff78617d08952ea0ef4a8082d90684ecbe767112

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 5:59:04 AM UTC

File size:
250.7 KB (256,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\usbflashcopy1.6full.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/3/2011 5:30:00 AM

Valid to:
8/3/2012 5:29:59 AM

Subject:
CN=Imposant, OU=Software Development, O=Imposant, STREET="17-76, Olimpiyskaya derevnya", STREET=Michurinsky prospekt, L=Moscow, S=Moscow, PostalCode=119602, C=RU

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0090B457B9BE7BD6646F3D32CB6347AA47

File PE Metadata
Compilation timestamp:
8/1/2011 12:31:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:RxOyODKvRJrHbpVjKr4CCYqD6b42G/EsLa54r54uayUTE/em/Y7vbqHrISexKbP:jYDGRJrHbDpvDD6bFGtu2euaHr2P

Entry address:
0x103D8

Entry point:
E8, 25, 3D, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 68, 12, 42, 00, 89, 0D, 64, 12, 42, 00, 89, 15, 60, 12, 42, 00, 89, 1D, 5C, 12, 42, 00, 89, 35, 58, 12, 42, 00, 89, 3D, 54, 12, 42, 00, 66, 8C, 15, 80, 12, 42, 00, 66, 8C, 0D, 74, 12, 42, 00, 66, 8C, 1D, 50, 12, 42, 00, 66, 8C, 05, 4C, 12, 42, 00, 66, 8C, 25, 48, 12, 42, 00, 66, 8C, 2D, 44, 12, 42, 00, 9C, 8F, 05, 78, 12, 42, 00, 8B, 45, 00, A3, 6C, 12, 42, 00, 8B, 45, 04, A3, 70, 12, 42, 00, 8D, 45, 08, A3, 7C, 12, 42, 00, 8B...
 

Entropy:
5.6980

Code size:
104 KB (106,496 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USBFlashCopy

Command:
C:\users\{user}\appdata\local\temp\{random}.tmp\usbflashcopy1.6full.exe

