home

powerdiskws.exe

SOFTPERFECT PTY. LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RAMDiskForWorkstations’.
Publisher:
Vishwa Technologies  (signed by SOFTPERFECT PTY. LTD.)

Description:
Vishwa Technologies Power Drive (32-bit)

Version:
3.4.8.0

MD5:
0e0f4703f38bbc388cbe436a216b0b3b

SHA-1:
1a3343a05b7879b4d46958ea1a1c0f4bd336aa0a

SHA-256:
882644d002c4463b80a74dd58d478c4ee0e243b3629d94569377d6d63eb2e0f7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:31:48 AM UTC  (today)

File size:
2.2 MB (2,355,344 bytes)

Product version:
3.4.8.0

Copyright:
2016 Vishwa Technologies

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\Program Files\vishwa technologies power drive\powerdiskws.exe

Digital Signature
Signed by:
SOFTPERFECT PTY. LTD.

Authority:
DigiCert Inc

Valid from:
3/31/2015 5:30:00 AM

Valid to:
4/3/2018 5:30:00 PM

Subject:
CN=SOFTPERFECT PTY. LTD., O=SOFTPERFECT PTY. LTD., L=FORTITUDE VALLEY, S=Queensland, C=AU

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
089CBDB4B3C796312FE26CC5F616A9F6

File PE Metadata
Compilation timestamp:
10/16/2016 8:55:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:0iZ4smOZ6Med7lgso1KlRNAKVEd5D5R4OFsipSKNAJUjB/:05/O0VNlDuKlXM5laKoKKJqt

Entry address:
0x63EBCB

Entry point:
EB, 08, 98, DE, 10, 00, 00, 00, 00, 00, E9, E7, 0B, E0, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 40, 00, 0C, 00, 00, 00, 26, 38, 00, 08, 00, 90, 40, 00, 0C, 00, 00, 00, 36, 3B, 00, 0B, 00, A0, 40, 00, 0C, 00, 00, 00, D5, 3E, 00, 0E, 00, B0, 40, 00, 0C, 00, 00, 00, 68, 36, D0, 39, 00, C0, 40, 00, 0C, 00, 00, 00, CE, 30, DE, 37, 00, F0, 40, 00, 10, 00, 00, 00, 56, 35, 9C, 35, AC, 35, 00...
 
[+]

Entropy:
7.9790  (probably packed)

Code size:
2.5 MB (2,580,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RAMDiskForWorkstations

Command:
"C:\Program Files\vishwa technologies power drive\powerdiskws.exe" \hide


Scan powerdiskws.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.