usbsafelyremove.exe

USBSafelyRemove

Crystal Rich, Ltd

It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘USB Safely Remove’.

Publisher:
Crystal Rich, Ltd  (signed and verified)

Product:
USBSafelyRemove

Description:
USB and SATA Device Manager

Version:
4.3.2.950

MD5:
9bbb01eaaac23e93a8eb3b19c0a9ba91

SHA-1:
79e051819d4b09bf75f6a8d52587c87123563ef6

SHA-256:
bb2da3b122611e75aea83da9f4cc2abf6f1bc6e725d84fa93bd57f982a7b684c

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/25/2024 9:41:28 AM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | PUA.Packed.ASPack | 0.98/17411

File size:
1.4 MB (1,498,448 bytes)

Product version:
4.3.2.950

Copyright:
Copyright © 2010 by Crystal Rich Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/23/2009 12:00:00 AM

Valid to:
11/24/2010 11:59:59 PM

Subject:
CN="Crystal Rich, Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crystal Rich, Ltd", L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54B3167B86CDCBCEA4DF714F2DB82384

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:+tZNdTwbshcbGuiRtBJmWx0iokwrf5SOnFCZYMbAtSk6QmXD4hggrCC5:QdT9cbnyBF2iobr3GNYmsGgJ5

Entry address:
0x1000

Entry point:
68, 01, 40, 72, 00, E8, 01, 00, 00, 00, C3, C3, 95, BA, 53, B3, AA, 5F, 3B, C4, 40, 1D, 85, F7, 1B, 9C, A6, 7C, 1A, 36, 94, B7, 31, 6E, 2E, 3A, 81, C2, 9C, C4, 19, AA, 29, 44, 6E, 6A, 47, 39, CB, 40, 7E, 60, 99, 99, 43, 3B, D3, 36, C4, 00, 7E, 68, B0, C7, C2, 38, D8, 1D, 89, 9A, 75, FE, 07, 82, C9, DE, C8, AD, F3, 4D, 93, 35, BF, F8, E4, F0, B4, 56, 5B, 2D, 18, C1, E8, 38, 50, 8D, 74, 04, 01, 4A, A5, 6C, E6, E3, 10, 8F, 23, B4, C2, BD, 66, 06, 63, 6F, 37, C3, 41, 06, BC, B1, 89, 63, 88, 54, 22, 87, BB, CC...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.9 MB (2,005,504 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Safely Remove

Command:
C:\Program Files\usb safely remove\usbsafelyremove.exe \startup


Scan usbsafelyremove.exe - Powered by Reason Core Security