home

usbsafelyremove.exe

USBSafelyRemove

Crystal Rich, Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USB Safely Remove’.
Publisher:
Crystal Rich Ltd  (signed by Crystal Rich, Ltd)

Product:
USBSafelyRemove

Description:
USB and SATA Device Manager

Version:
4.6.2.1140

MD5:
d96beaab3d48e035c6a2bddeb8f1601f

SHA-1:
ff63bec47c9fdf43727cdad4bc258fb435202e7a

SHA-256:
9536901fd25a646d3122e25c76ea584e14eb9307d1aa224c61b9b60b3dd3c2cd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 3:45:01 AM UTC  (today)

File size:
1.8 MB (1,927,967 bytes)

Product version:
4.6.2.1140

Copyright:
Copyright © 2011 by Crystal Rich Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\usb safely remove\usbsafelyremove.exe

Digital Signature
Signed by:
Crystal Rich, Ltd

Authority:
VeriSign, Inc.

Valid from:
12/2/2010 8:00:00 AM

Valid to:
12/3/2011 7:59:59 AM

Subject:
CN="Crystal Rich, Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crystal Rich, Ltd", L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
582E502BCA04FD9767BEE4917A3608A0

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:DFIAujWnR5y0FwXJ8P8DVSm7ERcTEmFYxRyF:xHlRAIwX+8DYqjTEmFXF

Entry address:
0x1000

Entry point:
E9, B3, 0E, 09, 00, E8, 01, 00, 00, 00, C3, C3, 95, BA, 08, EF, 7D, E1, 30, 24, 80, 69, A3, 35, EF, A7, AF, 72, F7, 87, 18, BE, AB, 7A, 2F, 13, 44, E6, 6C, E2, D6, 88, 89, A3, 55, 31, 3E, 60, CA, 95, 1A, 86, 40, 01, 30, 27, 5D, 82, 22, 76, 90, A9, F4, 6C, 38, 39, 79, DA, E2, F2, 04, 64, 96, 6E, A0, EE, 5E, ED, FE, 2D, C4, 3A, AE, 01, 82, 43, F4, EA, 2D, 85, 2B, 58, 0D, C8, C6, 09, 4D, BD, 69, EE, CD, 89, 99, B9, EB, 13, 26, DE, 86, 29, 32, 96, 61, 1A, CB, 3C, 23, 20, 65, 9D, EE, 3D, 7E, 85, 9A, D2, 1B, 4E...
 
[+]

Entropy:
7.4905

Packer / compiler:
Xtreme-Protector v1.05

Code size:
2 MB (2,110,464 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Safely Remove

Command:
C:\Program Files\usb safely remove\usbsafelyremove.exe \startup


Scan usbsafelyremove.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.