home

usbsafelyremove.exe

USBSafelyRemove

Crystal Rich, Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘USB Safely Remove’.
Publisher:
Crystal Rich Ltd  (signed by Crystal Rich, Ltd)

Product:
USBSafelyRemove

Description:
USB and SATA Device Manager

Version:
4.6.2.1140

MD5:
bcc9625c390fac3b7ce538baaea77f09

SHA-1:
4bff3620dadc2c6b44d0b6d7f661fe0af12f9e2a

SHA-256:
cf8accb24998060884743e904f8d7fb32b6d5d69b1650a7a8aa74d6dc630496d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/16/2024 6:21:59 AM UTC  (today)

File size:
1.8 MB (1,849,688 bytes)

Product version:
4.6.2.1140

Copyright:
Copyright © 2011 by Crystal Rich Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature
Signed by:
Crystal Rich, Ltd

Authority:
VeriSign, Inc.

Valid from:
12/2/2010 7:00:00 AM

Valid to:
12/3/2011 6:59:59 AM

Subject:
CN="Crystal Rich, Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crystal Rich, Ltd", L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
582E502BCA04FD9767BEE4917A3608A0

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:WFIAujWnR5y0FwXJTP8DVSm7ERcTEmFYxRO:qHlRAIwXF8DYqjTEmF5

Entry address:
0x1000

Entry point:
68, 01, 90, 78, 00, E8, 01, 00, 00, 00, C3, C3, 95, BA, 08, EF, 7D, E1, 30, 24, 80, 69, A3, 35, EF, A7, AF, 72, F7, 87, 18, BE, AB, 7A, 2F, 13, 44, E6, 6C, E2, D6, 88, 89, A3, 55, 31, 3E, 60, CA, 95, 1A, 86, 40, 01, 30, 27, 5D, 82, 22, 76, 90, A9, F4, 6C, 38, 39, 79, DA, E2, F2, 04, 64, 96, 6E, A0, EE, 5E, ED, FE, 2D, C4, 3A, AE, 01, 82, 43, F4, EA, 2D, 85, 2B, 58, 0D, C8, C6, 09, 4D, BD, 69, EE, CD, 89, 99, B9, EB, 13, 26, DE, 86, 29, 32, 96, 61, 1A, CB, 3C, 23, 20, 65, 9D, EE, 3D, 7E, 85, 9A, D2, 1B, 4E...
 
[+]

Entropy:
7.4653

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2 MB (2,110,464 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Safely Remove

Command:
C:\Program Files\usb safely remove\usbsafelyremove.exe \startup


Scan usbsafelyremove.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.