» OneClickAssistant.EXE
Overview
Analysis
File Details
Behaviors (1)

OneClickAssistant.EXE

OneClickAssistant Application

WebToGo Mobiles Internet GmbH

It runs as a scheduled task under the Windows Task Scheduler.

File name:

Publisher:

WebToGo Mobiles Internet GmbH (signed and verified)

Product:

OneClickAssistant Application

Description:

OneClickAssistant MFC Application

Version:

1, 0, 0, 1

MD5:

9d5c0b6d1e7e005b4de2349f9af74a49

SHA-1:

eaecb91e5e38f70a3c75f2bf3b15bc1c82f82742

SHA-256:

67f5c1a9f7ceaa5bba58bdc79c92bb129b063fdee50a1ef3de3dc86282e7a98b

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 2:45:25 PM UTC (today)

Scan engine

Detection

Engine version

Prevx

Heuristic: Suspicious Self Modifying File

3.0.2

File size:

4.4 MB (4,638,152 bytes)

Product version:

1, 0, 0, 1

Original file name:

OneClickAssistant.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\xsmanager\oneclickassistant.exe

Digital Signature

Signed by:

WebToGo Mobiles Internet GmbH

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

12/8/2006 1:00:00 AM

Valid to:

12/8/2008 12:59:59 AM

Subject:

CN=WebToGo Mobiles Internet GmbH, OU=Application Development, O=WebToGo Mobiles Internet GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

7212020824E671988F0FA675C257C7E1

File PE Metadata

Compilation timestamp:

7/5/2007 3:32:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:SM8r12ghEce6t9NSmSyhBdxNx98rXPJdrY:+12ghbeYgrY

Entry address:

0x2C38E

Entry point:

55, 8B, EC, 6A, FF, 68, 40, 47, 43, 00, 68, 36, C7, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 40, 24, 43, 00, 59, 83, 0D, 90, E0, 43, 00, FF, 83, 0D, 94, E0, 43, 00, FF, FF, 15, 44, 24, 43, 00, 8B, 0D, 84, E0, 43, 00, 89, 08, FF, 15, 48, 24, 43, 00, 8B, 0D, 80, E0, 43, 00, 89, 08, A1, 4C, 24, 43, 00, 8B, 00, A3, 8C, E0, 43, 00, E8, 36, 03, 00, 00, 39, 1D, 70, DF, 43, 00, 75, 0C, 68, 32, C7, 42, 00, FF, 15... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

196 KB (200,704 bytes)

Scheduled Task

Task name:

{2D311D03-F19B-4AF8-BAFA-0718A0D6685E}

Trigger:

Registration (Runs on registration)

Scan OneClickAssistant.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.