gethwid.exe

Shanghai Bo Yi Information Technology Co. Ltd.

The executable gethwid.exe, “Safengine - Professional Software Protection Tool”, has been detected as malware by 7 anti-virus scanners.

Publisher:
Safengine  (signed by Shanghai Bo Yi Information Technology Co. Ltd.)

Product:
Safengine

Description:
Safengine - Professional Software Protection Tool

Version:
2.1.7.0

MD5:
e36853a94519807ec28f7683c060c0a8

SHA-1:
10c48cc3bcc4395329b3f9694c9ec32f3772e977

SHA-256:
01ae2dc0fd061bf30482d9a87e344e6c465b3d5775d81c84238c568df4e67b69

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/18/2024 7:24:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Malware-gen | 2014.9-170209 |
| AVG | Win32/Heur | 2018.0.2473 |
| Comodo Security | TrojWare.Win32.Amtar.KNB | 22674 |
| ESET NOD32 | Win32/Packed.NoobyProtect.E suspicious (variant) | 11.11892 |
| IKARUS anti.virus | Virus.Win32.Heur | t3scan.1.9.5.0 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.17207 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41734 |

File size:
1.8 MB (1,852,264 bytes)

Product version:
2.1.7.0

Copyright:
2007 - 2012 Safengine

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gethwid.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 3:00:00 AM

Valid to:
3/20/2015 2:59:59 AM

Subject:
CN=Shanghai Bo Yi Information Technology Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Bo Yi Information Technology Co. Ltd., L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3BDC743ADE918E2EC09F3A9FDD929776

File PE Metadata
Compilation timestamp:
5/31/2012 4:39:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1C3529

Entry point:
E8, 1C, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 4C, 69, 63, 65, 6E, 73, 6F, 72, 20, 76, 32, 2E, 31, 2E, 37, 2E, 30, 00, E9, BB, FE, FF, FF, 85, 07, 97, F2, 01, 88, 3A, B8, 2E, 49, B8, 71, 14, 95, 05, 6C, 9F, 75, 84, 37, E9, 58, FD, FF, FF, 0F, A2, 66, 8B, 4C, 24, 02, EB, 04, 1E, 69, 88, 2B, 66, 8B, FA, 66, 8F, 04, 24, 88, 2C, 24, 83, C4, 01, 8B, 04, 24, 8B, 34, 24, EB, 19, 40, C0, 56, 31, C0, 28, FD, CC, 5F, A6, 83, C4, 23, 8D, 64, 24, 01, 60, 86, DC, E8, C5, FF, FF, FF, F7, D9, 66, 43, 8B, F0...