CreoSvc.exe

Trust Boundary Manager

CryptoMill Technologies Ltd

The executable CreoSvc.exe (“Trust Boundary System Service”) has been detected as malware by 13 anti-virus scanners. It runs in its own process as a Windows service named “HP Trust Circles Service”.
Publisher:
CryptoMill Technologies Ltd.  (signed by CryptoMill Technologies Ltd)

Product:
Trust Boundary Manager

Description:
Trust Boundary System Service

Version:
8.2.15.16418

MD5:
a6f7f77bc9025eb37c9a0feaf58f09d4

SHA-1:
d2c7c0d345b9713165270ab463a3d05619910bdf

SHA-256:
da81596b834f2ab48bd5df794a53436f1e08230369aae9e0bd27f262725b90b1

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/20/2024 12:12:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Pioneer-C | 160518-2 |
| AVG | Win32/Floxif.A | 2015.0.4568 |
| Dr.Web | Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 11.5.0.6191 |
| ESET NOD32 | Win32/Floxif.H virus | 8.0.319.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.96 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!A6F7F77BC902 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.221.397.0 |
| Norman | Win32.Floxif.A | 19.05.2016 05:17:13 |
| VIPRE Antivirus | Threat.4760052 | 49072 |

File size:
1.4 MB (1,444,767 bytes)

Product version:
8.2.15.16418

Copyright:
(c) CryptoMill Technologies. All rights reserved.

Original file name:
CreoSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hewlett-packard\hp trust circles\creosvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/8/2013 12:00:00 AM

Valid to:
8/7/2014 11:59:59 PM

Subject:
CN=CryptoMill Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CryptoMill Technologies Ltd, L=Toronto, S=Ontario, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4484C1B7B3587CA73CC11DDBE0AC0136

File PE Metadata
Compilation timestamp:
8/23/2013 6:20:53 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:76IBfKNBU2ommhr2itfEgxsZbpBPfkmkBnU38a4ifTjHGvH4hrEH7R:++goTKUfEgupZOnk87ifTiL

Entry address:
0x106597

Entry point:
E9, 96, 7F, FE, FF, E9, 91, FE, FF, FF, CC, FF, 25, 38, 44, 51, 00, FF, 25, 30, 44, 51, 00, 55, 8B, EC, FF, 15, 70, 41, 51, 00, 6A, 01, A3, 84, CB, 54, 00, E8, 1F, 06, 00, 00, FF, 75, 08, E8, 1D, 06, 00, 00, 83, 3D, 84, CB, 54, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 05, 06, 00, 00, 59, 68, 09, 04, 00, C0, E8, 06, 06, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, A1, 06, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 68, C9, 54, 00, 89, 0D, 64, C9, 54, 00, 89, 15, 60, C9, 54, 00, 89, 1D...
 

Entropy:
6.7187

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.1 MB (1,124,864 bytes)

Service
Display name:
HP Trust Circles Service

Service name:
CreoService

Description:
The HP Trust Circles service oversees and manages the encrypting and decrypting of files protected by Trust Circles. Stopping or disabling the service will prevent users from taking advantage of this

Type:
Win32OwnProcess

