expandrive.exe

ExpanDrive, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ExpanDrive’. This is installed with ExpanDrive.
Publisher:
ExpanDrive, Inc.  (signed and verified)

MD5:
927a154d5f184de4653043730e57d227

SHA-1:
b92b386ec0dc78c36877c49761bc074992327071

SHA-256:
f3c94209fe00fec12f3694b6b22b81dce291031aa09290649900077152331bd9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 5:33:42 PM UTC  (today)

File size:
1.5 MB (1,617,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\expandrive\expandrive.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/6/2012 7:19:59 PM

Valid to:
4/10/2013 9:03:57 PM

Subject:
CN="ExpanDrive, Inc.", O="ExpanDrive, Inc.", L=Boston, S=MA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121866A0ADCEDD4D8B4D11C870915728744

File PE Metadata
Compilation timestamp:
3/22/2012 2:43:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:5/rttY18EVacu3Nwup8+gigI18EVacuk:5/Q18EVacuKZil18EVacu

Entry address:
0x3EBB2

Entry point:
E8, 6C, 06, 00, 00, E9, 63, FD, FF, FF, FF, 25, 80, 82, 44, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 16, 80, F9, 20, 73, 06, 0F, AD, D0, D3, FA, C3, 8B, C2, C1, FA, 1F, 80, E1, 1F, D3, F8, C3, C1, FA, 1F, 8B, C2, C3, CC...
 
[+]

Entropy:
6.0412

Code size:
281.5 KB (288,256 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ExpanDrive

Command:
C:\Program Files\expandrive\expandrive.exe \autorun


The file expandrive.exe has been discovered within the following program.

ExpanDrive  by ExpanDrive, Inc.
About 2% of users remove it
 
Powered by Should I Remove It?

Scan expandrive.exe - Powered by Reason Core Security