» bd01c61c01f8774593aa3983bcd11d11c6da68d7
Overview
Analysis
File Details

bd01c61c01f8774593aa3983bcd11d11c6da68d7

ToolWiz Care

XII CNC Inc.

It is installed within the Mozilla Firefox web browser as part of an addin/plugin.

File name:

Publisher:

ToolWiz (signed by XII CNC Inc.)

Product:

ToolWiz Care

Version:

3.1.0.5500

MD5:

726b76b57887bf3dc326cb6ecd7a2232

SHA-1:

7551c6895c98d88e82783e7ec6ed7da5181da1e7

SHA-256:

7447b59ee04e8d46bd0984abeb91ab172b6a8b3e79eaecc1dd98a061b76acba9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 4:06:59 AM UTC (today)

File size:

7.2 MB (7,539,855 bytes)

Product version:

2.0

Trademarks:

ToolWiz

Original file name:

Setup.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\bd01c61c01f8774593aa3983bcd11d11c6da68d7

Digital Signature

Signed by:

XII CNC Inc.

Authority:

VeriSign, Inc.

Valid from:

9/9/2013 8:00:00 PM

Valid to:

11/9/2014 6:59:59 PM

Subject:

CN=XII CNC Inc., OU=R&D Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyeonggi-do, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0EA8B60149BC1FE40C91216292149AA7

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:eImId/Hz9onJicYZK3bE3xLQPM/8KG7fV83RxK5WE:4wTCnsw3bmLQPMmDy3RE

Entry address:

0xF9C001

Entry point:

60, E9, 3D, 04, 00, 00, 41, 8D, AD, A9, A9, 42, A9, 12, 99, 90, ED, A9, AA, 74, 82, 34, 79, 96, ED, A9, 2A, 14, 55, E0, ED, A9, A9, 20, 34, 55, E0, ED, A9, A6, 2C, CF, AA, A9, A9, 6E, 2C, 9A, 90, ED, A9, A9, A9, A9, A9, 24, 2C, AD, E3, ED, A9, F9, 56, 3C, A9, E2, ED, A9, 20, 2C, A9, E3, ED, A9, 22, 51, 24, 34, B8, E3, ED, A9, FA, F9, 56, 3C, 55, E3, ED, A9, 20, 2C, 55, 96, ED, A9, 24, 34, B7, E3, ED, A9, FA, FE, 56, 3C, 55, E3, ED, A9, 20, 2C, A9, E9, ED, A9, 24, 2C, 1C, 90, ED, A9, 56, 49, FD, C0, BC, A9... 
[+]

Entropy:

7.9942

Packer / compiler:

ASPack v2.11

Code size:

1.3 MB (1,400,320 bytes)

Scan bd01c61c01f8774593aa3983bcd11d11c6da68d7 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.