home

BeTwinMessages.exe

BeTwin and WinConnect Server

Thinsoft USA Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BeTwinMessages’.
Publisher:
ThinSoft Pte Ltd  (signed by Thinsoft USA Inc.)

Product:
BeTwin and WinConnect Server

Description:
BeTwin Messages Application

Version:
2.00.418

MD5:
05ae1d5a16c8322f35cca9c78f9dc955

SHA-1:
1d5f26c3432694dc6130db02c9ac367051398c9d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 6:03:36 PM UTC  (today)

File size:
117.4 KB (120,216 bytes)

Product version:
2.00.418

Copyright:
Copyright (C) 2001-2008 ThinSoft Pte Ltd

Original file name:
BeTwinMessages.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\betwin\betwinmessages.exe

Digital Signature
Signed by:
Thinsoft USA Inc.

Authority:
VeriSign, Inc.

Valid from:
10/24/2006 7:00:00 PM

Valid to:
12/24/2009 5:59:59 PM

Subject:
CN=Thinsoft USA Inc., OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Thinsoft USA Inc., L=Ithaca, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06E8D79F1DAFC93F1224F2E7061E2CC4

File PE Metadata
Compilation timestamp:
11/30/2008 6:27:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:9EdcuCCEsbQLtbgRGv0rh6UcV5JQN8AWb25P/4oazI267KkRk7K0J5KyEAO:9gcuIsbqz5Pb2l85mk7FJ5U

Entry address:
0xCD04

Entry point:
6A, 70, 68, 78, 1E, 41, 00, E8, 64, 03, 00, 00, 33, FF, 57, FF, 15, EC, F0, 40, 00, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 7D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, B9, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 02, 5B, 53, FF, 15, 94, F5, 40, 00, 59, 83, 0D, 38, 22, 42, 00, FF, 83, 0D, 3C, 22...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
56 KB (57,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BeTwinMessages

Command:
"C:\Program Files\betwin\betwinmessages.exe"


Scan BeTwinMessages.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.