home

BeTwinMessages.exe

BeTwin and WinConnect Server

Thinsoft USA Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BeTwinMessages’.
Publisher:
ThinSoft Pte Ltd  (signed by Thinsoft USA Inc.)

Product:
BeTwin and WinConnect Server

Description:
BeTwin Messages Application

Version:
2.00.348

MD5:
18de4f16e12d07a6dc27695e53e3542a

SHA-1:
111e1ce7886a02ab91300b125c83a9f589888ffe

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:22:58 AM UTC  (today)

File size:
109.4 KB (112,024 bytes)

Product version:
2.00.348

Copyright:
Copyright (C) 2001-2007 ThinSoft Pte Ltd

Original file name:
BeTwinMessages.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\betwin\betwinmessages.exe

Digital Signature
Signed by:
Thinsoft USA Inc.

Authority:
VeriSign, Inc.

Valid from:
10/24/2006 9:00:00 PM

Valid to:
12/24/2009 8:59:59 PM

Subject:
CN=Thinsoft USA Inc., OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Thinsoft USA Inc., L=Ithaca, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06E8D79F1DAFC93F1224F2E7061E2CC4

File PE Metadata
Compilation timestamp:
11/1/2007 11:10:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:OxVBBWIkUfH9YeAXthxUmSBQVFPgFE57zvcG85G8zkXD9IKH0J686Ez:OxEpOYx0FE5zOjzAD9IKUJ6w

Entry address:
0xCE00

Entry point:
6A, 70, 68, B8, 05, 41, 00, E8, 1C, 03, 00, 00, 33, FF, 57, FF, 15, E0, F0, 40, 00, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 7D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, B9, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 02, 5B, 53, FF, 15, 80, F5, 40, 00, 59, 83, 0D, B8, 4B, 41, 00, FF, 83, 0D, BC, 4B...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
56 KB (57,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BeTwinMessages

Command:
"C:\Program Files\betwin\betwinmessages.exe"


Scan BeTwinMessages.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.