usbsafelyremove.exe

USB Safely Remove

Crystal Rich Ltd

The executable usbsafelyremove.exe, “USB Safely Remove - an enhanced replacement for Windows safe removal tool”, has been detected as malware by 3 of 68 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘USB Safely Remove’.

Publisher:
Crystal Rich Ltd (signed and verified)

Product:
USB Safely Remove

Description:
USB Safely Remove - an enhanced replacement for Windows safe removal tool

Version:
5.1.3.1186

MD5:
a0504eb141ea463a218e7779506f5ad4

SHA-1:
55017043130624f6e4df6d9073bdb140854e351f

SHA-256:
d5ddcfe892acb3491389332bfb18044528ae523dd6e03877d16a766c9306429c

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/15/2024 8:56:37 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.154 |

File size:
2.4 MB (2,501,447 bytes)

Product version:
5.1.3.1186

Copyright:
Copyright © 2012 by Crystal Rich Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/13/2011 6:00:00 AM

Valid to:
12/13/2012 5:59:59 AM

Subject:
CN=Crystal Rich Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Crystal Rich Ltd, L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
20C53F7597B1AB70BDA6CF9DE847708E

File PE Metadata
Compilation timestamp:
5/29/2012 6:24:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1000

Entry point:
E9, 0C, 50, 02, 00, E8, 01, 00, 00, 00, C3, C3, BB, 9B, 6F, 8C, D0, 7F, A6, E3, 6B, E2, A0, AC, 3B, 13, 8F, 28, 38, CA, E2, 25, A8, 86, EC, 3A, 26, 32, 0C, D8, 24, 02, D5, CE, 2B, DB, 22, 94, 8D, C0, 08, 44, C5, 3C, 03, C1, 9E, CF, 04, 70, 50, 77, A1, 29, 05, 3E, D8, AE, 02, 27, EB, 94, 4A, DD, 81, 76, D4, 12, BA, 1A, 4F, CC, 19, 51, 6C, 29, AD, 15, F2, 3C, 19, 95, 8D, EA, 9A, 8F, ED, 29, 29, 50, 58, DF, 6A, D1, 02, DA, 21, 5B, 09, 0A, 9F, D6, B6, D3, 94, 99, 6E, B5, 45, B1, F4, 88, 1F, B5, 02, 19, 1F, 5F...
 

Entropy:
7.6402

Packer / compiler:
Xtreme-Protector v1.05

Code size:
3.8 MB (4,017,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Safely Remove

Command:
C:\Program Files\usb safely remove\usbsafelyremove.exe \startup

