pwnative.exe

MiniTool Solution Ltd

The executable pwnative.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
MiniTool Solution Ltd  (signed and verified)

MD5:
aebc7621af98aa5c7a9b8305c78d9aa3

SHA-1:
df6cbe3c68701ad3cbbc05ef5d728b6f7d09081b

SHA-256:
a9616d4d29773557b878b1cf2b0deb39cc1a3fd601fe7d4bbd2c8b5ac09b9c64

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/26/2024 3:46:20 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Patched-HO [Trj] | 160205-1
Dr.Web | Trojan.MulDrop3.48024 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.SlugIn.A.Dam | 10.0.0.5366
Microsoft Security Essentials | Threat.Undefined | 1.213.5692.0
Norman | Win32.SlugIn.A.Dam | 03.02.2016 10:30:35
VIPRE Antivirus | Threat.4314869 | 46938

File size:
2.9 MB (3,061,411 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\partitionwizard\x64\pwnative.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/21/2012 5:18:09 PM

Valid to:
5/22/2015 5:18:09 PM

Subject:
E=support@minitool.ca, CN=MiniTool Solution Ltd, O=MiniTool Solution Ltd, L=SURREY, S=British Columbia, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CB5D7302C7544C0407CB59FFDE7FB180

File PE Metadata
Compilation timestamp:
8/20/2012 9:48:00 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
24576:f9QqhAp1T/FCKhDNHXvFY6m9/eyHvBH/vwbH/vEbH/vwWkb:i7I9/hPB/4b/cb/1+

Entry address:
0x8040

Entry point:
48, 89, 4C, 24, 08, 48, 83, EC, 38, E8, 52, 31, 00, 00, E8, FD, F9, FF, FF, 90, 33, D2, 33, C9, E8, 73, 15, 00, 00, EB, 00, E8, EC, 33, 00, 00, E8, 27, 32, 00, 00, 33, D2, 48, C7, C1, FF, FF, FF, FF, FF, 15, 70, 40, 0A, 00, 48, 83, C4, 38, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 89, 4C, 24, 08, 48, 83, EC, 68, C7, 44, 24, 38, 01, 00, 00, 00, 48, C7, 44, 24, 30, 00, 00, 00, 00, C7, 44, 24, 28, 80, 00, 00, 00, C7, 44, 24, 20, 03, 00, 00, 00, 45, 33, C9, 41, B8, 03, 00...
 

Entropy:
3.7235

Code size:
681.5 KB (697,856 bytes)
