windrivesync_.exe

Window Drive Manager

IT NAVIGATOR LLC

The application windrivesync_.exe by IT NAVIGATOR has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service, within the context of its own process, named “Window Drive Manager2”.
Publisher:
Slideway Inc.  (signed by IT NAVIGATOR LLC)

Product:
Window Drive Manager

Version:
12.5.80.3

MD5:
61cfbbbe8d7773ef399a81de16d91fb3

SHA-1:
8475eddc0090f5020e19e195675a372f710768a7

SHA-256:
8b81ce1ae9d486166ac4fe200e6f524784a0d73c433023c6b798236b676d0b50

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 12:35:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WinRaw (L)

Engine version:
16.9.2.20

File size:
137.7 KB (140,984 bytes)

Product version:
12.5.80.3

Copyright:
Copyright (C) 2015

Original file name:
Window Drive Manager

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\windriveuse\windrivesync_.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/19/2015 6:00:00 PM

Valid to:
12/19/2016 5:59:59 PM

Subject:
CN=IT NAVIGATOR LLC, OU=IT, O=IT NAVIGATOR LLC, STREET="Bud. 46a kv. 519, vul.Fedora Zaitseva", L=Kyyiv, S=Kyyiv, PostalCode=83000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61BAEECB4D5416E1BE7333F527ED08F2

File PE Metadata
Compilation timestamp:
3/30/2016 7:30:47 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
3072:Wa6QqIARKpAxcVX3Jwr2prmjY2L2EYDogHODCmj:WtKlphVH6T2ltEj

Entry address:
0x6DEF

Entry point:
E8, D3, 69, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, FF, 15, 00, 71, 41, 00, 6A, 01, A3, CC, 07, 42, 00, E8, F2, 6A, 00, 00, FF, 75, 08, E8, 9A, 6E, 00, 00, 83, 3D, CC, 07, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, D8, 6A, 00, 00, 59, 68, 09, 04, 00, C0, E8, 68, 6E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, AA, DF, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, B0, 05, 42, 00, 89, 0D, AC, 05, 42, 00, 89, 15, A8, 05, 42, 00, 89, 1D, A4, 05, 42, 00, 89, 35, A0, 05, 42, 00, 89, 3D, 9C...
 

Entropy:
6.4559

Code size:
86 KB (88,064 bytes)

Service
Display name:
Window Drive Manager2

Service name:
WinDriveSvc2

Type:
Win32OwnProcess

