usbsafelyremove.exe

USBSafelyRemove

Crystal Rich, Ltd

The executable usbsafelyremove.exe, “Safely Remove A Device In One Click”, has been detected as malware by 3 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘USB Safely Remove’.

Publisher:
Crystal Rich, Ltd  (signed and verified)

Product:
USBSafelyRemove

Description:
Safely Remove A Device In One Click

Version:
4.0.9.760

MD5:
b99941f5331733ed27486604cca2d20f

SHA-1:
85a1516d142207586471214728e5e5a46634312e

SHA-256:
aebe25ca18803ce5ab7c6bb4a47f802f92947eff766f895079454c9dda24123a

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/28/2024 11:37:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.16.24 |

File size:
1.1 MB (1,178,327 bytes)

Product version:
4.0.9.760

Copyright:
Copyright © 2004-2008 by SafelyRemove.com

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/23/2008 4:00:00 PM

Valid to:
11/24/2009 3:59:59 PM

Subject:
CN="Crystal Rich, Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crystal Rich, Ltd", L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26B48085B616B9641F205166660DF73C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1000

Entry point:
E9, B2, C5, 00, 00, E8, 01, 00, 00, 00, C3, C3, 8B, 08, C3, 4C, BB, CA, 01, 54, B0, D9, FA, 1B, FE, FC, EB, 8E, 3C, A8, D7, 09, B9, EB, 52, 6C, 57, FE, B7, A4, 7C, B8, 41, 33, 7C, FD, EA, B9, EE, A7, 94, C0, 30, 28, FB, 19, 7E, 8A, 86, 68, D1, 45, F5, B2, 31, 61, 09, 31, EF, 62, 78, 60, EA, 4C, 77, 16, D6, 46, 1F, 3F, 98, B3, A8, 26, 1C, 45, FD, 5B, E2, 14, 19, 94, ED, 29, 96, 67, F3, 33, FE, B6, 85, 31, 85, 5A, F9, F0, 56, 95, EE, 26, FD, 0E, C5, C7, 1B, EF, FF, 1E, 40, A0, A9, 96, B3, 9C, 90, 15, 07, 80...
 

Entropy:
7.9122

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.6 MB (1,666,560 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Safely Remove

Command:
C:\Program Files\usb safely remove\usbsafelyremove.exe \startup

