deleter.exe

Secure File Deleter

Yury Saprykin

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘sfdlt 5 check updates and quit’.
Publisher:
CYROBO LTD  (signed by Yury Saprykin)

Product:
Secure File Deleter

Version:
5.01.0.0

MD5:
b664aaa4ad0ab4e0f5fac296970d5927

SHA-1:
6f7173250524cfc226f1c2f17521a4063e3bda0e

SHA-256:
eb8a9c95ac090d905bb15092d541f573b6bedae384249651ba63d0ec18f7df1b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 6:02:18 PM UTC  (today)

File size:
279.8 KB (286,528 bytes)

Product version:
5.01.0.0

Copyright:
CYROBO © 2002-2016

Original file name:
deleter.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\secure file deleter 5\deleter.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/13/2014 2:00:00 AM

Valid to:
3/13/2017 1:59:59 AM

Subject:
CN=Yury Saprykin, O=Yury Saprykin, STREET=Prospekt Revolucii 25, L=Voronezh, S=VO, PostalCode=394000, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C71956DD75CB37084C7A30D3E4519F3E

File PE Metadata
Compilation timestamp:
1/2/2016 11:11:18 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:mngydDHCn9AX+ZQ4X4d9uHXRt+XjBDzV5VsKon3UW:0g4DHCn9AMQ4Xm9uHXKf56KdW

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.4503

Code size:
163 KB (166,912 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
sfdlt 5 check updates and quit

Command:
"C:\Program Files\secure file deleter 5\deleter.exe" protocol3


Scan deleter.exe - Powered by Reason Core Security