home

usbsafelyremove.exe

USBSafelyRemove

Crystal Rich, Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘USB Safely Remove’.
Publisher:
Crystal Rich, Ltd  (signed and verified)

Product:
USBSafelyRemove

Description:
USB and SATA Device Manager

Version:
4.2.4.845

MD5:
a8f8e179deb273b0c6cd7cb582f6b83d

SHA-1:
510266bf585a051f576251bc862d1561e0976cd9

SHA-256:
07b6e1253647c4c49fd7deae94fdfdc60ed39bff4f7d9d515d9923be940f0097

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 1:41:04 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Detection.Undefined
9.0.1.05190

File size:
2.5 MB (2,636,560 bytes)

Product version:
4.2.4.845

Copyright:
Copyright © 2009 by Crystal Rich Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature
Signed by:
Crystal Rich, Ltd

Authority:
VeriSign, Inc.

Valid from:
11/24/2008 7:00:00 AM

Valid to:
11/25/2009 6:59:59 AM

Subject:
CN="Crystal Rich, Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crystal Rich, Ltd", L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26B48085B616B9641F205166660DF73C

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:HwH+rw99k1XULSooooKi0oi1m1SV+FDn3tSd/z5zxBQmX3O1a4q:HwH+M9k1yoK5oi1mvM/18mHga

Entry address:
0x1000

Entry point:
68, 01, D0, 71, 00, E8, 01, 00, 00, 00, C3, C3, 04, 77, 24, F3, 66, 5C, 6A, 64, 62, 6A, 0A, 65, BC, 23, B3, 4C, 30, 32, F8, 0C, 75, D9, 14, 53, 29, 87, C8, 78, D6, 41, 6B, F6, BE, 4B, 73, 37, 43, B8, 40, 43, F0, CB, 4D, 6A, 7B, 17, 59, 4F, 47, 5A, D0, A7, 33, 9B, AC, D8, DF, 25, DE, CF, BB, 70, AC, 5E, 14, 0D, 0D, C5, BD, 64, 67, 5B, 94, 7A, 42, 35, F5, 8E, 4B, 11, 65, 69, A2, D9, 7B, BF, AF, FD, 01, 6F, 33, 9E, 9A, 71, 71, D9, 72, C2, 31, 59, FF, CE, 91, 7D, 90, 51, 60, 3F, CA, 6C, 38, CC, 9C, 7F, 59, 5D...
 
[+]

Entropy:
5.2607

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.9 MB (1,992,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Safely Remove

Command:
C:\Program Files\usb safely remove\usbsafelyremove.exe \startup


Scan usbsafelyremove.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.