home

PlugInWatcher.exe

PlugInWatcher

Mitel Networks

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Mitel MiVoice for Lync’.
Publisher:
Mitel Networks  (signed and verified)

Product:
PlugInWatcher

Version:
1.0.0.20

MD5:
d7c550d6f0423d70edb0eb1d9bc66bc9

SHA-1:
ef8d69cde84d256b6fc7d6fb7ccfc5e1759894b8

SHA-256:
6ede0988fa05a3805a344f5c2280fdc1eea9fd55787aa34abbf49a628ddbd5c2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 6:35:16 AM UTC  (today)

File size:
30.3 KB (31,032 bytes)

Product version:
1.0.0.20

Copyright:
Copyright © Mitel Networks Corporation 2013

Original file name:
PlugInWatcher.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\mitel\mivoice\pluginwatcher.exe

Digital Signature
Signed by:
Mitel Networks

Authority:
VeriSign, Inc.

Valid from:
3/3/2013 7:00:00 PM

Valid to:
4/6/2014 7:59:59 PM

Subject:
CN=Mitel Networks, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mitel Networks, L=Ottawa, S=Ontario, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05AE40C9B7F4DCBF60391A28DCEAA23F

File PE Metadata
Compilation timestamp:
6/27/2013 6:40:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:Q/SihhH50aTyR22ux6frYWeno5tFfmIqZ6pNAUn4PMP4x6aRCJmNVxiGMEWt+nYw:E0B224HctFTFmD+kxa+P2kF

Entry address:
0x742E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.7778

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Mitel MiVoice for Lync

Command:
"C:\Program Files\mitel\mivoice\pluginwatcher.exe"


Scan PlugInWatcher.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.