How to remove DRWPRO.exe
DRWPRO.exe
The module DRWPRO.exe has been detected as Risk.CoinMiner
File Details
| Product Name: | EaseUS Data Recovery Wizard |
| Company Name: | CHENGDU YIWO Tech Development Co., Ltd |
| MD5: | 1e5975d753ef3b3a516453b636ea6c23 |
| Size: | 100 MB |
| First Published: | 2018-04-29 16:25:46 (6 years ago) |
| Latest Published: | 2018-05-10 19:10:54 (6 years ago) |
| Status: | Risk.CoinMiner (on last analysis) | |
| Analysis Date: | 2018-05-10 19:10:54 (6 years ago) |
Common Places:
| %sysdrive%\ease recovery\rsload.net.easeus.data.recovery.wizard.11.0 |
| %sysdrive%\erase c documents\recovered data 02-02 23_36_26\deep scan result\existing partition(ntfs)\users\max\appdata\local\temp\rsload.net.easeus.data.recovery.wizard.11.0..rar\rsload.net.easeus.data.recovery.wizard.11.0 |
| %sysdrive%\1. загрузки\2018\февраль\из инета 15-17 февраля\easeus data recovery wizard technician + pro 11.9 + portable x64\rsload.net.easeus.data.recovery.wizard.11.0..rar\rsload.net.easeus.data.recovery.wizard.11.0 |
| %sysdrive%\1. загрузки\2018\февраль\из инета 15-17 февраля\easeus data recovery wizard technician + pro 11.9 + portable x64\rsload.net.easeus.data.recovery.wizard.11.0 |
| %profile%\downloads\rsload.net.easeus.data.recovery.wizard.11.0.rar\rsload.net.easeus.data.recovery.wizard.11.0 |
| %profile%\downloads\rsload.net.easeus.data.recovery.wizard.11.0\rsload.net.easeus.data.recovery.wizard.11.0 |
Geography:
| 66.7% | ||
| 33.3% |
OS Version:
| Windows 10 | 66.7% | |
| Windows Server 2008 R2 | 33.3% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x00002cb4 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 20992 | 41078bd64b2bdab2243daa18c7501e41 |
| .data | 0 | 00000000000000000000000000000000 |
| .pdata | 512 | b9dbe5eb7530a74cfda3ad8766457ef5 |
| .xcpad | 0 | 00000000000000000000000000000000 |
| .idata | 1536 | f2b17d620547f4a4206864188d178eeb |
| .reloc | 512 | e9b5a365d6580af2807cc9f60e49f7ac |
| .rsrc | 272384 | d6bd65e4a72b7c4c153bdedea3890676 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for DRWPRO.exe
