How to remove edrwkgn.exe

» File
File Details
Overview
Analysis

edrwkgn.exe

The module edrwkgn.exe has been detected as Rootkit.Gen

edrwkgn.exe

Remove edrwkgn.exe

File Details

Main Info:

Product Name:	EaseUS_DRW
MD5:	1974c88979debfe710d597fff868d0e5
Size:	3 MB
First Published:	2020-09-21 10:34:40 (5 years ago)
Latest Published:	2025-01-24 23:01:51 (10 months ago)

Analysis:

Status:	Rootkit.Gen (on last analysis)
Analysis Date:	2025-01-24 23:01:51 (10 months ago)

Overview

Digital Signature

Signed By:	????????????
Status:	Valid

Common Places:

%profile%\downloads\programs\easeus.data.recovery.wizard.technician.13.6.0.portable\app

%profile%\downloads\programs\easeus.data.recovery.wizard.technician.13.6.0.portable\app

%sysdrive%\$recycle.bin\s-1-5-21-3730955377-3262736296-847835398-1001\$rzjcz0i.7z\easeusdatarecoverywizard\app

%sysdrive%\$recycle.bin\s-1-5-21-3730955377-3262736296-847835398-1001\$rzjcz0i.7z\easeusdatarecoverywizard\app

%desktop%\subhash\easeus data recovery wizard te 13.5 full version\easeusdatarecoverywizard\app

%desktop%\subhash\easeus data recovery wizard te 13.5 full version\easeusdatarecoverywizard\app

%programfiles%\easeus

%desktop%\soft\13.6 ok pass\easeus data recovery wizard te 13.6 full version\easeusdatarecoverywizard\app

%desktop%\soft\13.6 ok pass\easeus data recovery wizard te 13.6 full version\easeusdatarecoverywizard\app

%temp%\rarsfx0\easeus data recovery_x64\app

Geography:

	30.8%
	15.4%
	15.4%
	15.4%
	7.7%
	7.7%
	7.7%

OS Version:

Windows 10	50.0%
Windows 7	35.7%
Windows 8.1	14.3%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x002305f4

PE Sections:

Name	Size of data	MD5
.text	2281984	d4fd15019d077f4c186197bc56e207af
.itext	6144	428dbd02b48bcc62de2734a5866ce7d6
.data	37376	7688bf05365d691faf37aa8ad213d008
.bss	0	00000000000000000000000000000000
.idata	12800	a75268841d2276c894b693a1a08c4908
.didata	3072	6041a3a577a4bad0208c6f60bfdf459f
.edata	512	75c0b5d43524db85a6c7b24266c6873c
.tls	0	00000000000000000000000000000000
.rdata	512	597c567ca004669128fd0786f81dd70c
.reloc	206336	b050c170017b7fc0d3c4797706a0b776
.rsrc	601600	1d633b3fb592df2313840eb297060c34

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for edrwkgn.exe

copyright for information about edrwkgn.exe