» usbsafelyremove.exe
Overview
Analysis
File Details
Behaviors (1)

usbsafelyremove.exe

USB Safely Remove

NGO

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘USB Safely Remove’.

File name:

usbsafelyremove.exe

Publisher:

Crystal Rich Ltd (signed by NGO)

Product:

USB Safely Remove

Description:

USB Safely Remove - an enhanced replacement for Windows safe removal tool

Version:

5.2.1.1195

MD5:

b506b91f56f6f4fac996a679aa7d92b2

SHA-1:

1169b34a98b03fd40193b7bae665f9ffcf0f49a6

SHA-256:

9a1ea4ea4102430689777fa0090873a57850066ebdc3259a48c865fe338858b4

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/20/2024 9:31:41 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Win32/Heur

2015.0.4477

File size:

5.6 MB (5,900,288 bytes)

Product version:

5.2.1.1195

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature

Signed by:

NGO

Authority:

NGO

Valid from:

2/16/2010 5:01:56 PM

Valid to:

12/31/1939 11:59:59 PM

Subject:

CN=NGO

Issuer:

CN=NGO

Serial number:

07BB35BC5AFF14BF428073A13E5B77ED

File PE Metadata

Compilation timestamp:

9/10/1987 7:27:18 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:jzectWuKmg5JQs7AYM+CiF63Zuk0EgT4TITW:HePogAoAYM+Ciwuk0EGW

Entry address:

0x405000

Entry point:

68, 48, 28, 3E, 00, 60, 9C, B3, 03, B8, 3B, 00, 00, 00, E8, 31, 00, 00, 00, EB, 08, 56, 4D, 5F, 53, 54, 41, 52, 54, 8B, 10, F7, D2, C1, C2, 10, 81, F2, 46, 46, 46, 21, 89, 10, 83, C0, 04, 3B, C1, 7E, E0, 4B, 84, DB, 75, D1, EB, 08, 56, 4D, 5F, 56, 4D, 45, 4E, 44, EB, 0A, 03, 04, 24, 8D, 88, 75, 0C, 00, 00, C3, B9, B9, 51, A9, 51, 67, B9, 4E, B9, 51, BB, DE, B9, B9, FF, DE, 9D, 9D, B8, 9A, 46, 46, 01, 4A, B9, B9, 46, 36, BA, BD, B9, DE, 31, 20, 9D, 53, B9, E7, B2, DE, 8D, B9, 38, 18, 03, BA, B9, DE, B9, 32... 
[+]

Entropy:

6.0943

Code size:

8 KB (8,192 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

USB Safely Remove

Command:

C:\Program Files\usb safely remove\usbsafelyremove.exe \startup

Scan usbsafelyremove.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.