sandisksecureaccess_manager.exe

RunSanDiskSecureAccess_Win

Gemalto SA

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SanDiskSecureAccess_Manager.exe’.
Publisher:
Gemalto N.V.  (signed by Gemalto SA)

Product:
RunSanDiskSecureAccess_Win

Version:
1.1.19755

MD5:
53af21eeb4894ca7c84a5a65e50d7a49

SHA-1:
2f287a1f783cd418cde756bc6aab60df0e56b903

SHA-256:
1de0a46d8472bc6b27ef8b69b2c3ff1939652e1cc3e7381e082777db990ea799

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 11:15:01 PM UTC  (a few moments ago)

File size:
29.3 MB (30,705,792 bytes)

Product version:
1.1.19755

Copyright:
Copyright (C) 2010

Original file name:
RunSanDiskSecureAccess_Win.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\sandisk\sandisksecureaccess_manager.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/27/2010 4:00:00 PM

Valid to:
12/27/2012 3:59:59 PM

Subject:
CN=Gemalto SA, OU=bouches du rhone, O=Gemalto SA, L=La Ciotat, S=bouches du rhone, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
743C30B49C98BCD42ACEA6662322529E

File PE Metadata
Compilation timestamp:
2/14/2012 3:37:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
393216:ZE0Qwp6wG4jYU/3jKIPPEuM2m3IDvC6CKdp7kQUtYc9skxD0uqSuVEtp/aD2JsvD:DQwDvPaIDv+Kdp7kQU3HPjz/T0vai

Entry address:
0x1D7B000

Entry point:
9C, 60, E8, 02, 00, 00, 00, 33, C0, 8B, C4, 83, C0, 04, 93, 8B, E3, 8B, 5B, FC, 81, EB, 07, 20, 40, 00, 87, DD, 83, BD, 3D, 29, 40, 00, 01, 0F, 84, 33, 04, 00, 00, 80, BD, 52, 2F, 40, 00, 00, 74, 37, 8D, 85, FB, 2C, 40, 00, 50, FF, 95, D7, 2C, 40, 00, 8D, 8D, 51, 2E, 40, 00, 50, 51, 50, FF, 95, C7, 2C, 40, 00, 89, 85, 61, 2E, 40, 00, 58, 8D, 8D, 0F, 2E, 40, 00, 51, 50, FF, 95, C7, 2C, 40, 00, 89, 85, BB, 2C, 40, 00, 8D, BD, E5, 31, 40, 00, 33, C0, 8A, 85, 37, 29, 40, 00, 3C, 05, 74, 72, 3C, 03, 0F, 84, 9C...
 
[+]

Entropy:
7.0039

Packer / compiler:
PEBundle v3.10

Code size:
19.8 MB (20,737,536 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SanDiskSecureAccess_Manager.exe

Command:
C:\users\{user}\appdata\roaming\sandisk\sandisksecureaccess_manager.exe


The file sandisksecureaccess_manager.exe has been discovered within the following program.

Infestation: Survivor Stories  by Hammerpoint Interactive
www.infestationmmo.com
About 1% of users remove it
 
Powered by Should I Remove It?

The file sandisksecureaccess_manager.exe has been seen being distributed by the following 2 URLs.

temp:RunSanDiskSecureAccess_Win.exe

Scan sandisksecureaccess_manager.exe - Powered by Reason Core Security