» powerdiskws.exe
Overview
Analysis
File Details
Behaviors (1)

powerdiskws.exe

SOFTPERFECT PTY. LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RAMDiskForWorkstations’.

File name:

powerdiskws.exe

Publisher:

Vishwa Technologies (signed by SOFTPERFECT PTY. LTD.)

Description:

Vishwa Technologies Power Drive (32-bit)

Version:

3.4.8.0

MD5:

d44d1a73105b346cfd80fb85de8c3417

SHA-1:

6afeac102b6f64f243c2cfd40e59c8a124beb212

SHA-256:

8961d949d38088d5425eba5f021bac2bad49ef7819dc2ddb1f4e989a76a35d25

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

1/13/2025 8:55:03 AM UTC (today)

File size:

2.3 MB (2,389,136 bytes)

Product version:

3.4.8.0

2016 Vishwa Technologies

File type:

Executable application (Win32 EXE)

Language:

English (Australia)

Common path:

C:\Program Files\vishwa technologies power drive\powerdiskws.exe

Digital Signature

Signed by:

SOFTPERFECT PTY. LTD.

Authority:

DigiCert Inc

Valid from:

3/31/2015 5:30:00 AM

Valid to:

4/3/2018 5:30:00 PM

Subject:

CN=SOFTPERFECT PTY. LTD., O=SOFTPERFECT PTY. LTD., L=FORTITUDE VALLEY, S=Queensland, C=AU

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

089CBDB4B3C796312FE26CC5F616A9F6

File PE Metadata

Compilation timestamp:

12/22/2016 9:09:06 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x651F16

Entry point:

EB, 08, B6, 0E, 23, 00, 00, 00, 00, 00, E9, 13, B3, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.9799 (probably packed)

Code size:

2.5 MB (2,594,816 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RAMDiskForWorkstations

Command:

"C:\Program Files\vishwa technologies power drive\powerdiskws.exe" \hide

Scan powerdiskws.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.