home

toolwizcares.exe

Toolwiz Care

XII CNC Inc.

It runs as a scheduled task under the Windows Task Scheduler named ToolwizCareFree triggered to execute each time a user logs in.
Publisher:
Toolwiz  (signed by XII CNC Inc.)

Product:
Toolwiz Care

Version:
2.0.0.0

MD5:
8cd326201b72a1873ed0bd15c98bb747

SHA-1:
99be47a1b52ddcb3a3d32bcf5d07a3347d249ee3

SHA-256:
d02bf60818a8ce8ff5f9c0fd6968ad29f9165999852c62b2ee7a263a461cd824

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/18/2024 10:54:31 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

File size:
5.1 MB (5,298,439 bytes)

Product version:
2.0

Copyright:
Copyright(c) 2012 by Toolwiz.com

Trademarks:
Toolwiz

Original file name:
Toolwiz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toolwizcarefree\toolwizcares.exe

Digital Signature
Signed by:
XII CNC Inc.

Authority:
VeriSign, Inc.

Valid from:
8/29/2012 6:00:00 AM

Valid to:
9/29/2013 5:59:59 AM

Subject:
CN=XII CNC Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyunggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE657C73341F9A5D7BDDD336C543E67

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x2CECC0

Entry point:
E9, 8A, 70, F2, FF, F0, 53, B8, A8, E4, 6C, 00, E8, FF, 85, D3, FF, E8, B2, B4, DF, FF, E8, 01, F7, FF, FF, 33, C0, E8, 16, B0, DF, FF, E8, 31, 7A, DE, FF, 84, C0, 75, 34, BA, 40, EE, 6C, 00, B1, 01, B8, 68, EE, 6C, 00, E8, 34, 1F, D4, FF, 84, C0, 74, 0E, A1, 20, 37, 6E, 00, 8B, 00, E8, 00, 81, DE, FF, EB, 11, A1, 20, 37, 6E, 00, 8B, 00, E8, 7A, 80, DE, FF, E8, 09, 5B, D3, FF, BA, 40, EE, 6C, 00, B8, 68, EE, 6C, 00, B1, 01, E8, 00, 1F, D4, FF, 84, C0, 74, 1D, A1, 20, 38, 6E, 00, 80, B8, 5B, 01, 00, 00, 00...
 
[+]

Entropy:
7.1228

Packer / compiler:
Xtreme-Protector v1.05

Code size:
2.8 MB (2,940,928 bytes)

Scheduled Task
Task name:
ToolwizCareFree

Trigger:
Logon (Runs on logon)


Scan toolwizcares.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.