home

usbsafelyremovesetup_5-3-5.exe

USB Safely Remove

Crystal Rich Ltd

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
SafelyRemove.com   (signed by Crystal Rich Ltd)

Product:
USB Safely Remove

Description:
USB Safely Remove Setup

Version:
5.3.5.1228

MD5:
114304dcfb80f112bb217c732ee41ddd

SHA-1:
25b80d20c23ab076a32972770d7a2191fbea9a9d

SHA-256:
d0153f57a72d0534fe98a11bd84d28626abef101d92be0f13799d0f149cf21d0

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 11:44:17 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Rising Antivirus
PE:AdWare.Win32.Eorezo.a!1075356178
23.00.65.15107

File size:
5.4 MB (5,663,544 bytes)

Product version:
5.3.5.1228

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Digital Signature
Signed by:
Crystal Rich Ltd

Authority:
VeriSign, Inc.

Valid from:
1/4/2014 2:00:00 AM

Valid to:
2/3/2017 1:59:59 AM

Subject:
CN=Crystal Rich Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Crystal Rich Ltd, L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
077EBA83916E963439554F9098F40B15

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:C4NqZoWurUJtvggOt5rADVG1osrgRQV3mD4ip1Nr4s2qN4:3q0eplI5rAI1f1V3yBpDr4s2qN4

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file usbsafelyremovesetup_5-3-5.exe has been seen being distributed by the following 12 URLs.

https://dw.uptodown.com/dwn/CHLvVba0BbC89GGObydkuTLEtnLcmgvIue3w7K8Ux5r-qviU5u7ixkbI-LvlGVTqOkwc4eiQyBLSrQeoBNeyEO28LZCyKlfpEboLJXKpjc9NEcxXFW-65oUsLvcUHqSN/9XZ0SQh8vwZaqMWy2fpxU7pojazrIEAyqGcpkXEDdzQAOSqm6D74SGuX2kcfHRst8P0LOW35oALdWj2dEvnom2aCZ4Cv2V_CV5A1oIYJqW16LYWzoydOv5FqDpj7ixp4/Gmd0d5nMuqv8SdKP-AlPJnpv35v8qFvhmSXKlQbKVaXo7a8-_gPjvEHSSel5sC0OqSMecAVLsmy7kD747NmAGR8aY0AgvftBq38vl5VezJydwKPj3mjzI-q4cMDI8Zia/.../

http://dw.uptodown.com/dwn/05HFW8QSXwdZuDJiAnTM1n59XEA_Z8eEmjh8MNaDdwrPlxWhmelWXpagsJ81zxgBMRM7Ml7_dCHbK_TLhqVs1x7uPqo5Dbi56QcN99_4xuN5mz7_RYvyp8aSCsx0aNvy/9GjltSWlEAEZmYZgSt2V9XaGAITEWXKnAgEArXU-Mpb_JyguGwX9zfJLamHKeDKQPLmAi8MtMOqDRF84Jp9AEnhnQtPQc1kFHJA_ODHCwGaRI5ZhWHdPJVD9qVq5JTlV/cjOPFq1QLRtjeBbO3CsXul9CWcEqLYMYVNxW9YfQFuZp74C18Rxg0YS0V0L4JCmEEUF1zGcmGVfEyRV3ArgYcrwaT_FvHQ0QjfzG-9KeapLiVMj4NnikEgTeZqNpIKu1/.../

https://dw.uptodown.com/dwn/hVDsCpzxReTL6LKfhtOpIAmcxlVkAdXjpjDRA1zmI7fKtnslWG376_PoM-cNf0zujb2UeHKw62U5p3JDYeWwUZEUuf7qbZBvnEmnEswvO98i4Wc0vgUzydBurqYbu-qp/1rsWSgJaJD6QeHn8j5vN9JgdcaAWfzOyhOQ_AmiUIiJyW6FCTaXlabd9bjRV4O49uGLVqnhuWAyPrGFhv6Tb24Qa-xK6ENPAgVtGT0KZj8qamRB_N3-aWQ0xiMO1hhxb/zxSETkzZiAsEOWkYEikIGNk_Af0MLwnJXk479zEic4ow0j6zRy7dnqBTvrXvJ94J-D384P97IOAhIf1PvYg9AOkbNv0jQqkIT0vdBl_Jp6kmQb6MBswEUuiQ92Us4B3U/.../

http://dw.uptodown.com/dwn/mx-oZmiCvMs2v1zTWCjR1jqtkq4aTtqw_SQyQKYgU4jtZ2f5HaB9x6bQeXz5CWYLcQmOF2oNeeAtoMut_GZ1dCHh5GAa77cJJLA9lINUkuW8yh-Ai43OThVxr2RiDGnp/mwWvlKd04NYvrLRfdEM83ys4fLSqNjI2TOnfQrAzycmjcHEgWoM8UzIBMFSFgBmiFxk5xNQtPg4XCqsamubBE95EC1NyNIdcbaUwPoffZ0dNyrfdcAcJ0EKrSTMNHMY9/Z7pxVxpRWUjYhR2os-MyIPDOCfidUW-iMxFhzZZhAy7rP7LBjbhiGyMD6XhUDC-uAYQaxCfxFGuYiuDZwaEaCs9HK13nXj84hW__vAeG7f6Ok5EVz6DICjZXR-wfio9z/.../

http://www.safelyremove.com/assets/.../usbsafelyremovesetup_5-3-5.exe

https://dw.uptodown.com/dwn/wR9_GnRuk2H7s3IoQkgG298TA1uPQ3vcFHmnA_n-Fr74BZ2wetvebuNUPshnYAB61AD4oC9J-CDb8dnIrSEzG3zmsbRRsfhnzZDwZ4Sp7vhpYcXREEE_55JBFzXYujUQ/NpOhQRWMOVKohl2UfAAoEaOqCSWCE8Dxt--6cKwDSto_qO9y50QfHqA7rakIaodvl4e_JbcbXd2SHrEZpXhmHIcguwJ330iHAK1C_V4WLBeQ3IDBsthXDD-a5XSv60qP/f_O56Cr5fXOi6m2sAQ2TEiEBWcXo0F48GSTogrjr8FhbxSfi0vt5drliE95J9l5RiFC18qskikLHluwP_Awff9QaAaRnIYeCjHUuvme-ifxrIEj25vP4t9wjgsU7upsa/.../

http://files.downloadnow.com/s/software/14/21/54/.../usbsafelyremovesetup_5-3-5.exe

https://dw.uptodown.com/dwn/RBwu6rDbsdkX0SqWcdpNaMt8Vf4tLrz076D9x4OONfLM4RMcOVkZB6QUrPqx0aNLTgsLWsP_Y9EyrM6iRUaKIOwGLc8igGOCGhgcSf6A9wZkU_V78R9KBrhczeoHnYjX/BfOyuBMXM1jCIAV4eEFsg2R-kOJqlQYRF25JU7cF33s7t-OZvnV395M7cD1_OxEVjvQgXj7sECgeMyGH2UU-dG5BSVgn_BPHs0Hcn9RXWfBdZyIrHjaW4e3cjxRZ3pFR/.../

http://dw.uptodown.com/dwn/0Lig1q70eBp8wG_KqCw6q8EcFr8fbcrwXvtkxHW52kutxqKp6YX8TbKYFCG9FxMMm81PGkYQDK2QR8HVJ_Wzzui6px4pHXdSVz8DWuzyeGZtqYYP6YdkdNCxcaC3NSvP/YULEbWapI36op0SFloj0OvYzJIn8es7-d15hxFein3clv1kS1RLkk7H9nyPdvw-pPciaCYcdlUCq3KtCmmdMX-PIPA7YfEkg3zfP2LXbwMwl7Hc0CjfuJxutW0iLNuaS/.../

http://www.safelyremove.com/startdownload.htm?imm&v=&t=

http://safelyremove.com/assets/.../usbsafelyremovesetup_5-3-5.exe

http://safelyremove.com/startdownload.htm?imm&v=&t=

Scan usbsafelyremovesetup_5-3-5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.