home

BeTwinAssistant.exe

BeTwin 2000/XP/VS

ThinSoft Pte Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BeTwinAssistant’.
Publisher:
ThinSoft Pte Ltd.  (signed by ThinSoft Pte Ltd)

Product:
BeTwin 2000/XP/VS

Description:
BeTwinAssistant

Version:
2.00 built by: WinDDK

MD5:
85ee4521c18cff97f09aead8c3fc5b9f

SHA-1:
828bf59a4f1df72159855cfaa16cbe68f6741dd9

SHA-256:
947923e2b5ee7b8eb21da6372ad75f431793d2b44e85271c0c61b3b68386b096

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 10:03:59 PM UTC  (today)

File size:
102.6 KB (105,032 bytes)

Product version:
2.00

Copyright:
Copyright (C) 2001-2010, ThinSoft Pte Ltd.

Original file name:
BeTwinAssistant.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\betwin\betwinassistant.exe

Digital Signature
Signed by:
ThinSoft Pte Ltd

Authority:
VeriSign, Inc.

Valid from:
3/18/2009 12:00:00 AM

Valid to:
3/18/2011 11:59:59 PM

Subject:
CN=ThinSoft Pte Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ThinSoft Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7FF32E0848575D0931FF6E35F715EDBE

File PE Metadata
Compilation timestamp:
10/6/2010 9:31:20 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:v8GUINiE+J9Il9qcceH1BwuP3vUJDjOkG:UGU6iE+afH1BbP3cJva

Entry address:
0xAC0C

Entry point:
48, 83, EC, 28, E8, 43, 22, 00, 00, 48, 83, C4, 28, E9, 6A, FD, FF, FF, CC, CC, CC, CC, CC, CC, 45, 33, DB, 4C, 8B, D2, 4C, 8B, C1, 66, 44, 39, 1A, 75, 04, 48, 8B, C1, C3, 0F, B7, 01, 66, 41, 3B, C3, 74, 44, 4C, 8B, C9, 4C, 2B, CA, 66, 41, 3B, C3, 49, 8B, D2, 74, 1D, 66, 44, 39, 1A, 74, 32, 41, 0F, B7, 0C, 11, 0F, B7, 02, 3B, C8, 75, 0B, 48, 83, C2, 02, 66, 45, 39, 1C, 11, 75, E3, 66, 44, 39, 1A, 74, 15, 49, 83, C0, 02, 49, 83, C1, 02, 66, 41, 8B, 00, 66, 41, 3B, C3, 75, C2, 33, C0, C3, 49, 8B, C0, C3, CC...
 
[+]

Entropy:
6.0845

Code size:
82 KB (83,968 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BeTwinAssistant

Command:
"C:\Program Files\betwin\betwinassistant.exe"


Scan BeTwinAssistant.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.