» screentoolkit.exe
Overview
Analysis
File Details

screentoolkit.exe

TRIORIS LLC

The application screentoolkit.exe by TRIORIS has been detected as a potentially unwanted program by 17 anti-malware scanners.

File name:

screentoolkit.exe

Publisher:

screentool (signed by TRIORIS LLC)

Product:

screentool

Version:

1.0.0.7

MD5:

a4a94f19858d55cf2b6d93d373887ccd

SHA-1:

b0629df9bba9dfdfef43a20d8e95ce08c3ebbfe4

SHA-256:

a9cec6df802c63ea3639b41710579d048ed95a76307f936ecc1b2326fb97ccd1

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

4/16/2024 1:26:28 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.67627

360

AVG

Adware Generic5

2017.0.2838

Baidu Antivirus

Adware.Win32.Agent

4.0.3.16210

Bitdefender

Gen:Variant.Strictor.67627

1.0.20.205

Comodo Security

ApplicUnwnt

19547

Dr.Web

Trojan.Triosir.14

9.0.1.041

Emsisoft Anti-Malware

Gen:Variant.Strictor.67627

8.16.02.10.10

ESET NOD32

Win32/AdWare.Agent.NFF (variant)

10.10563

Fortinet FortiGate

Riskware/Agent

2/10/2016

F-Secure

Gen:Variant.Strictor.67627

11.2016-10-02_4

G Data

Gen:Variant.Strictor.67627

16.2.24

IKARUS anti.virus

PUA.Agent

t3scan.1.7.8.0

McAfee

Artemis!FEEFAF50BCE1

5600.6494

Qihoo 360 Security

Win32/Trojan.Multi.daf

1.0.0.1015

Reason Heuristics

Win32.Generic

16.2.10.10

Trend Micro House Call

Suspicious_GEN.F47V0914

7.2.41

VIPRE Antivirus

Threat.4150696

33120

File size:

273.2 KB (279,712 bytes)

Product version:

1.0.0.7

Original file name:

screentool.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\screentk\screentoolkit.exe

Digital Signature

Signed by:

TRIORIS LLC

Authority:

COMODO CA Limited

Valid from:

3/27/2013 6:00:00 AM

Valid to:

3/27/2016 5:59:59 AM

Subject:

CN=TRIORIS LLC, O=TRIORIS LLC, STREET="Griboedova str., 34, 5", L=Novosibirsk, S=Novosibirsk region, PostalCode=630000, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DDE431469F44EE01CD42B3680AB9990D

File PE Metadata

Compilation timestamp:

9/19/2014 11:51:36 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:ME4k1vJufE/gp1EpMtObhQM7ELTt4jn6ilha1TOVNXnR2EEMUp:JloMYmbSM7OtOoNOn3RBUp

Entry address:

0xE9E4

Entry point:

E8, F6, 81, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, FC, BC, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, A1, 42, 00, 01, 0F, 82, 33, 83, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74... 
[+]

Code size:

125.5 KB (128,512 bytes)

Remove screentoolkit.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.