refsched.exe

Macrium Reflect

Paramount Software UK Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Reflect Scheduler’.

Publisher:
Macrium (signed by Paramount Software UK Ltd)

Product:
Macrium Reflect

Description:
Reflect Scheduling Helper

Version:
2, 2, 1781, 1

MD5:
e2051663b91b4670f38a77370c8d5f6e

SHA-1:
bdd57e8e367e6b38985f29979665ae4ef18aec8c

SHA-256:
8062d429ff911b3f048557e98f0e103dac1fe889a35e1127c24e7a4892b09233

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 5:33:15 PM UTC (today)

File size:
235 KB (240,608 bytes)

Product version:
2, 2, 1781, 1

Copyright:
Copyright Paramount Software UK Ltd (C) 2006

Original file name:
reflectsched.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\macrium\reflect\refsched.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/19/2007 12:12:04 PM

Valid to:
11/19/2010 12:12:04 PM

Subject:
E=nick@macrium.com, CN=Paramount Software UK Ltd, O=Paramount Software UK Ltd, C=GB

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011657D28AD3

File PE Metadata
Compilation timestamp:
8/10/2008 9:20:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:/FKXC8tlqm9agt/OoU/EdUtFXDA0r/IWO9C71:/Ahtdl+/dUk/ItCZ

Entry address:
0xEAE3

Entry point:
E8, 0A, 92, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, 68, 60, D5, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 98, 52, 42, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0...
 

Entropy:
6.4196

Code size:
124 KB (126,976 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Reflect Scheduler

Command:
C:\Program Files\macrium\reflect\refsched.exe

