home

betwinservicexp.exe

BeTwin 2000/XP/VS

Thinsoft USA Inc.

It runs as a separate (within the context of its own process) windows Service named “BeTwin Terminal Services”.
Publisher:
ThinSoft Pte Ltd.  (signed by Thinsoft USA Inc.)

Product:
BeTwin 2000/XP/VS

Description:
BeTwin Terminal Services

Version:
2.00 built by: WinDDK

MD5:
4b7bac96713037f6fe83cfc6bc681d02

SHA-1:
349138eef5c09a71e873ec7270d318a76fc4b7c9

SHA-256:
01ec1e74c7430af9e7c2586a0b21b93747aeef4caf1ab64066d5a9e288a5e2a4

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/24/2024 10:24:45 PM UTC  (today)

Scan engine
Detection
Engine version

Kaspersky
not-a-virus:RiskTool.Win32.Agent
15.0.0.562

NANO AntiVirus
Riskware.Win32.Agent.csesaj
0.30.26.3725

Quick Heal
RiskTool.Agent.r4 (Not a Virus)
1.16.14.00

File size:
255.3 KB (261,448 bytes)

Product version:
2.00

Copyright:
Copyright (C) 2001-2008, ThinSoft Pte Ltd.

Original file name:
BeTwinService.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\betwinservicexp.exe

Digital Signature
Signed by:
Thinsoft USA Inc.

Authority:
VeriSign, Inc.

Valid from:
10/25/2006 7:00:00 AM

Valid to:
12/25/2009 6:59:59 AM

Subject:
CN=Thinsoft USA Inc., OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Thinsoft USA Inc., L=Ithaca, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06E8D79F1DAFC93F1224F2E7061E2CC4

File PE Metadata
Compilation timestamp:
1/29/2008 5:31:41 PM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
6144:QzWk7vSzwIABH86oSEV8WRxzyNrYfAOrXs:gWK6zwIrS68WRxzyqYOTs

Entry address:
0x26B07

Entry point:
6A, 18, 68, C0, 68, 40, 00, E8, D9, 04, 00, 00, BB, 94, 00, 00, 00, 53, 6A, 00, 8B, 3D, F0, 11, 40, 00, FF, D7, 50, FF, 15, EC, 11, 40, 00, 8B, F0, 85, F6, 74, 18, 89, 1E, 56, FF, 15, 20, 12, 40, 00, 56, 85, C0, 75, 14, 50, FF, D7, 50, FF, 15, F4, 11, 40, 00, B8, FF, 00, 00, 00, E9, 46, 01, 00, 00, 8B, 46, 10, A3, EC, 0D, 44, 00, 8B, 46, 04, A3, F8, 0D, 44, 00, 8B, 46, 08, A3, FC, 0D, 44, 00, 8B, 46, 0C, 25, FF, 7F, 00, 00, A3, F0, 0D, 44, 00, 33, DB, 53, FF, D7, 50, FF, 15, F4, 11, 40, 00, 83, 3D, EC, 0D...
 
[+]

Entropy:
6.1749

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
226 KB (231,424 bytes)

Service
Display name:
BeTwin Terminal Services

Service name:
TermService

Description:
Allows you to connect additional workstations and support additional users on a Windows 2000 or Windows XP computer.

Type:
Win32OwnProcess

Depends on:
RPCSS


Scan betwinservicexp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.