home

iTwinAssist.exe

iTwin Pte Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘iTwinAssist’.
Publisher:
iTwin  (signed by iTwin Pte Ltd)

Product:
iTwin

Description:
iTwinAssist Application

Version:
2, 0, 0, 37

MD5:
2b4d16817627bc97d00c8095d0f62509

SHA-1:
0bdf364fc9f0b2818b99fcd00f069a41beadab86

SHA-256:
14066507969a2f7ea419d9aafdf74dc9a1ffb3f68cc58ef81b85fb5f255f0649

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:47:57 AM UTC  (today)

File size:
643.8 KB (659,208 bytes)

Product version:
2, 0, 0, 37

Copyright:
Copyright (C) 2011

Original file name:
iTwinAssist.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\itwin\itwinassist.exe

Digital Signature
Signed by:
iTwin Pte Ltd

Authority:
GoDaddy.com, Inc.

Valid from:
8/16/2012 7:18:43 AM

Valid to:
9/10/2014 7:22:31 AM

Subject:
CN=iTwin Pte Ltd, O=iTwin Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1533140509B8

File PE Metadata
Compilation timestamp:
12/31/2012 10:19:08 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:qNeSCHqCe/8ecNuSEgf5W1BBNQuY/wxJyth6iP:qN0dVs1BTQuUw7o5P

Entry address:
0x407D0

Entry point:
48, 83, EC, 28, E8, 9F, 53, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, C3, A2, 02, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, 2A, 54, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, 25, 88, FD, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3, CC, CC, CC, 48, 83, EC, 28, 48, 8B, C2, 48, 8D, 51, 11, 48, 8D, 48, 11, E8, 7C, 54, 00, 00, 33, C9, 3B, C1, 0F, 94, C0, 48, 83, C4, 28, C3, 48, 89, 5C, 24, 10, 48, 89, 6C, 24, 18, 48, 89, 74, 24, 20, 57...
 
[+]

Code size:
378.5 KB (387,584 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
iTwinAssist

Command:
"C:\ProgramData\itwin\itwinassist.exe"


Scan iTwinAssist.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.