Gridinsoft Logo
File Icon

The DRW.exe (EaseUS Data Recovery Wizard) File Analysis

Updated 2 months ago
Checked by Malaware Check
DRW.exe

Technical Analysis

File Name DRW.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.211.174
Database Version 2025-03-25 21:01:09 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
407,048
File Size (bytes)
2025-03-25
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
e61c47c6ae3ccaad36170c7f99cee68d
SHA1
e598936925fea0522480e6284cda7326f198fcee
SHA256
a40848848e4b87c2a196f864d4ba89dbb69e431963336ca5e30e5a05a059bba1
SHA512
6cf27d0507b6447e9fd278958aa0d245b4d3fc71164212573a2fa22851f126178927dd68a7969bc746e7f62a8d82ce170758711a01fcb4796b61924062215b19
ImpHash
b46b7325b9989fb69df473133b5f1042

PE Analysis

Basic Information

Icon
Hash: c096ccb59e7d79b158a5e40e3506b19e
Fuzzy: bfef0d6c79d6edce3c059fe040d432fa
dHash: 9669e896b296d4aa
Image Base 0x00400000
Entry Point 0x004047a0
Compilation Time 2023-11-10 00:55:35
Checksum 0x0006f6a9 (Actual: 0x0006f6a9)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path E:\DRW\DRW17.0-Crash\DRWIntelligentScan\bin\Release\DRWLoader.pdb
Digital Signature OK
Imports 4 libraries
PubLog, KERNEL32, USER32, ADVAPI32
Exports 0 functions
Resources 7 Resources
Sections 4 Sections

Version Information

CompanyName CHENGDU YIWO Tech Development Co., Ltd
FileDescription EaseUS Data Recovery Wizard
FileVersion 17.0.0.0
InternalName Data Recovery Wizard
LegalCopyright Copyright EaseUS. All rights reserved.
OriginalFilename EaseUS Data Recovery Wizard
ProductName EaseUS Data Recovery Wizard
ProductVersion 17.0.0.0
Translation 0x0804 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 87,659 bytes 88,064 bytes 6.60 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2069E297AC0657095AE2D8A3E85F2980
.rdata 0x00017000 30,796 bytes 31,232 bytes 5.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ FF86DE2446E5FECF55BCF4E7DE272946
.data 0x0001f000 6,476 bytes 3,072 bytes 2.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 946B2E7E5AEFE3C5A18A78F930B6F928
.rsrc 0x00021000 272,720 bytes 272,896 bytes 3.15 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 34C13DC2ADD687306BD3FBB009C3B8D1
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 7 (272,224 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 270,376 bytes
99.3%
RT_STRING 3 524 bytes
0.2%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 1 912 bytes
0.3%
RT_MANIFEST 1 392 bytes
0.1%

Certificate Chain Analysis

Certificate Information
Product EaseUS Data Recovery Wizard
Description EaseUS Data Recovery Wizard
File Version 17.0.0.0
Original Name EaseUS Data Recovery Wizard
Signing Date 01:23 AM 11/10/2023 (575 days ago)
Verification Status Signed
Signers CHENGDU YIWO Tech Development Co., Ltd.; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers DigiCert Timestamp 2023; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Internal Name Data Recovery Wizard
Copyright Copyright EaseUS. All rights reserved.
Certificate Chain Summary
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #1 Primary
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
CHENGDU YIWO Tech Development Co., Ltd. #2 Chain
Validity Period: 2022-09-21 00:00:00 → 2024-12-02 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 03 BD 22 19 37 F2 D7 96 FA 70 29 54 7B 19 03 01
DigiCert Timestamp 2023 #3 Chain
Validity Period: 2023-07-14 00:00:00 → 2034-10-13 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 05 44 AF F3 94 9D 08 39 A6 BF DB 3F 5F E5 61 16
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #4 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Trusted Root G4 #5 Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware