execstat.exe

StatWin Professional

SXR Software LLC

It runs as a Windows service named “SW Administration Service” in its own separate process. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘ES’. This file is installed with StatWin.

Publisher:
SXR Software (signed by SXR Software LLC)

Product:
StatWin Professional

Description:
StatWin Computer Monitoring

Version:
9, 0, 8, 100

MD5:
e4d016443b43df9e9ebb199be1473f2e

SHA-1:
5cfad0c3bd4169eaf4ef91540e1bf27c584b09c1

SHA-256:
81886a93d4c292ceafc5a97bf7322b0cf5c48fee6ffa7d411a21568fccfbf485

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 7:04:42 AM UTC

File size:
362.8 KB (371,496 bytes)

Product version:
9, 0, 8, 100

Copyright:
Copyright (C) 1998-2014 SXR Software. All Rights Reserverd.

Trademarks:
StatWin, SXR Software

Original file name:
ExecStat

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\sxr software\statwin\execstat.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2013 8:00:00 AM

Valid to:
12/16/2016 7:59:59 AM

Subject:
CN=SXR Software LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SXR Software LLC, L=Perm, S=Permskiy Kray, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44A2E6FB1AD4F34CCBF9A0F95CFF4F3E

File PE Metadata
Compilation timestamp:
9/1/2014 7:30:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:heg6Ofnx/O8yk9yFSdwNODKvqRTXbUEbAdisSApit5iws1yBnRh2sfKQZ8:wjOfnlKk9aSdZwEbWitJs1yBnqsfKQZ8

Entry address:
0x3A903

Entry point:
E8, 97, 3A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, B6, 44, 00, 89, 0D, 94, B6, 44, 00, 89, 15, 90, B6, 44, 00, 89, 1D, 8C, B6, 44, 00, 89, 35, 88, B6, 44, 00, 89, 3D, 84, B6, 44, 00, 66, 8C, 15, B0, B6, 44, 00, 66, 8C, 0D, A4, B6, 44, 00, 66, 8C, 1D, 80, B6, 44, 00, 66, 8C, 05, 7C, B6, 44, 00, 66, 8C, 25, 78, B6, 44, 00, 66, 8C, 2D, 74, B6, 44, 00, 9C, 8F, 05, A8, B6, 44, 00, 8B, 45, 00, A3, 9C, B6, 44, 00, 8B, 45, 04, A3, A0, B6, 44, 00, 8D, 45, 08, A3, AC, B6, 44...
 

Entropy:
6.4254

Code size:
253.5 KB (259,584 bytes)

Service
Display name:
SW Administration Service

Type:
Win32OwnProcess


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ES

Command:
"C:\Program Files\sxr software\statwin\execstat.exe"


The file execstat.exe has been discovered within the following program.

StatWin  by SXR Software
www.sxrsoft.com
About 4% of users remove it
 