» powerdiskws.exe
Overview
Analysis
File Details
Behaviors (1)

powerdiskws.exe

SOFTPERFECT PTY. LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RAMDiskForWorkstations’.

File name:

powerdiskws.exe

Publisher:

Vishwa Technologies (signed by SOFTPERFECT PTY. LTD.)

Description:

Vishwa Technologies Power Drive (64-bit)

Version:

3.4.8.0

MD5:

28a9834ccf48eab6be3222b1db5ee27e

SHA-1:

0dd8463710f7f5837ab277f2a6af194fd0d4c0e7

SHA-256:

c813d8e1861e0cb93b4e0254464760e1901c72ab2ca6be55a7f195684543df29

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/2/2024 5:27:06 PM UTC (today)

File size:

3.2 MB (3,378,832 bytes)

Product version:

3.4.8.0

2016 Vishwa Technologies

File type:

Executable application (Win64 EXE)

Language:

English (Australia)

Common path:

C:\Program Files\vishwa technologies power drive\powerdiskws.exe

Digital Signature

Signed by:

SOFTPERFECT PTY. LTD.

Authority:

DigiCert Inc

Valid from:

3/31/2015 5:30:00 AM

Valid to:

4/3/2018 5:30:00 PM

Subject:

CN=SOFTPERFECT PTY. LTD., O=SOFTPERFECT PTY. LTD., L=FORTITUDE VALLEY, S=Queensland, C=AU

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

089CBDB4B3C796312FE26CC5F616A9F6

File PE Metadata

Compilation timestamp:

10/16/2016 8:55:26 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

Entry address:

0x9823E0

Entry point:

EB, 08, A0, 2F, 2B, 00, 00, 00, 00, 00, E9, 63, A3, E1, FF, E9, 51, C9, FC, FF, A8, 59, 73, 72, 64, DD, 31, BF, 07, 84, EB, 31, 3F, 11, EB, 40, 31, 3F, 2B, 4C, 3F, 31, EA, 3D, E0, E5, 2A, 36, FB, 1E, E5, F7, C0, E8, F5, 52, F7, 40, E6, 73, 28, F7, C0, E1, 3E, BD, F7, 40, E2, BE, 57, F7, 40, EC, 1E, 29, F7, 40, FB, 50, D1, F7, 40, F8, F2, DF, F7, C0, EE, BD, 0C, F7, C0, D4, 2E, FB, F7, 15, C2, 18, D1, EC, C9, 04, 2E, E1, 31, 3F, 17, F5, 26, 31, BF, 19, 35, 64, B1, 2F, 09, 95, 72, 3A, 41, FF, FF, FF, FF, DE... 
[+]

Entropy:

7.9195 (probably packed)

Code size:

3.8 MB (4,004,352 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RAMDiskForWorkstations

Command:

"C:\Program Files\vishwa technologies power drive\powerdiskws.exe" \hide

Scan powerdiskws.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.