toolwiztimefreezegui.exe

Toolwiz TimeFreeze

XII CNC Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Toolwiz TimeFreeze’. This is installed with Toolwiz TimeFreeze.
Publisher:
Toolwiz  (signed by XII CNC Inc.)

Product:
Toolwiz TimeFreeze

Description:
Toolwiz TimeFreeze GUI

Version:
1.9.0.0

MD5:
39265719463e72dc50f5db0463239f0c

SHA-1:
c6237a7af6db6d3157fd63af599bf947d686d0e0

SHA-256:
6a8067283689f0cf76d6eb82ac1060d82ac418eee04a57500f04ceb07f1b92e1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/13/2018 6:12:29 PM UTC  (today)

File size:
1.6 MB (1,677,912 bytes)

Product version:
1.8

Copyright:
Copyright 2012 Toolwiz.com

Trademarks:
Toolwiz

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toolwiz timefreeze\toolwiztimefreezegui.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/29/2012 5:30:00 AM

Valid to:
9/29/2013 5:29:59 AM

Subject:
CN=XII CNC Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyunggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE657C73341F9A5D7BDDD336C543E67

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:6/ZWUPrX1scdWrvfHL5BxlS82jO28lrcP2iidLozmkBl/5Q68yF6OEQ+++LM0MZC:6/rrXH+X352X87YH73OrI9rK

Entry address:
0x117688

Entry point:
55, 8B, EC, 83, C4, E8, 53, 33, C0, 89, 45, EC, 89, 45, E8, B8, 50, 72, 51, 00, E8, EB, F0, EE, FF, 33, C0, 55, 68, 05, 78, 51, 00, 64, FF, 30, 64, 89, 20, B8, 1C, 78, 51, 00, E8, CB, 48, F6, FF, 8D, 55, E8, B8, 00, 04, 00, 00, E8, 1E, 16, EF, FF, 8B, 4D, E8, 8D, 45, EC, BA, 30, 78, 51, 00, E8, B6, CE, EE, FF, 8B, 45, EC, E8, A6, 48, F6, FF, A1, B0, A5, 51, 00, 8B, 00, E8, 56, D0, EE, FF, 50, 6A, 00, E8, B6, F9, EE, FF, 8B, D8, 85, DB, 74, 79, BA, 38, 78, 51, 00, A1, 64, A3, 51, 00, 8B, 00, B1, 01, E8, AD...
 
[+]

Entropy:
6.7881

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,141,248 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Toolwiz TimeFreeze

Command:
"C:\Program Files\toolwiz timefreeze\toolwiztimefreezegui.exe" -autorun


The file toolwiztimefreezegui.exe has been discovered within the following program.

Toolwiz TimeFreeze  by ToolWiz
www.toolwiz.com/products/toolwiz-time-freeze
About 8% of users remove it
 
Powered by Should I Remove It?

Scan toolwiztimefreezegui.exe - Powered by Reason Core Security