windrivesync.exe

Window Drive Manager

IT NAVIGATOR LLC

The application windrivesync.exe by IT NAVIGATOR has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Window Drive Manager” in its own process. The file is typically installed with the program Window Drive Manager by Slideway Inc.
Publisher:
Slideway Inc. (signed by IT NAVIGATOR LLC)

Product:
Window Drive Manager

Version:
12.5.80.4

MD5:
517c356f87a97c888b4662784e3acc79

SHA-1:
51a74d8657d77d9bbbbd25e8f689675e66684200

SHA-256:
23f1deb7e368f946269127dcbc9e648be26dd513dd2d15c2204d3df179708ce7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 12:45:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WinRaw (L)

Engine version:
16.9.2.20

File size:
137.7 KB (140,984 bytes)

Product version:
12.5.80.4

Copyright:
Copyright (C) 2015

Original file name:
Window Drive Manager

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\windriveuse\windrivesync.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/19/2015 7:00:00 PM

Valid to:
12/19/2016 6:59:59 PM

Subject:
CN=IT NAVIGATOR LLC, OU=IT, O=IT NAVIGATOR LLC, STREET="Bud. 46a kv. 519, vul.Fedora Zaitseva", L=Kyyiv, S=Kyyiv, PostalCode=83000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61BAEECB4D5416E1BE7333F527ED08F2

File PE Metadata
Compilation timestamp:
3/29/2016 11:43:01 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
3072:cy6U2UARKpAxcVX3J7XyprmjYzL2EYDVjLODE:cV+lphVHv42l9X

Entry address:
0x6DEF

Entry point:
E8, D3, 69, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, FF, 15, 00, 71, 41, 00, 6A, 01, A3, CC, 07, 42, 00, E8, F2, 6A, 00, 00, FF, 75, 08, E8, 9A, 6E, 00, 00, 83, 3D, CC, 07, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, D8, 6A, 00, 00, 59, 68, 09, 04, 00, C0, E8, 68, 6E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, AA, DF, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, B0, 05, 42, 00, 89, 0D, AC, 05, 42, 00, 89, 15, A8, 05, 42, 00, 89, 1D, A4, 05, 42, 00, 89, 35, A0, 05, 42, 00, 89, 3D, 9C...
 

Entropy:
6.4550

Code size:
86 KB (88,064 bytes)

Service
Display name:
Window Drive Manager

Service name:
WinDriveSvc

Type:
Win32OwnProcess


The file windrivesync.exe has been discovered within the following program.

Window Drive Manager by Slideway Inc.
About 4% of users remove it
 