» TortoiseHgOverlayServer.exe
Overview
Analysis
File Details
Behaviors (1)

TortoiseHgOverlayServer.exe

TortoiseHg

Steve Borho Open Source Developer

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TortoiseHgOverlayIconServer’.

File name:

Publisher:

Steve Borho Open Source Developer (signed and verified)

Product:

TortoiseHg

Description:

TortoiseHg Overlay Icon Server

Version:

2.2.1

MD5:

e24053120bb62aeed46c601457f992da

SHA-1:

593d42669f35ab4f54554903da3b965380070c4d

SHA-256:

0ec9a8a94ed0e025a234795c6675eba8ca4bf2e1cd33acde16cb2c64992c37d0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 11:40:50 PM UTC (a few moments ago)

File size:

51.5 KB (52,688 bytes)

Product version:

2.2.1

Original file name:

TortoiseHgOverlayServer.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\tortoisehg\tortoisehgoverlayserver.exe

Digital Signature

Signed by:

Steve Borho Open Source Developer

Authority:

Unizeto Technologies S.A.

Valid from:

2/13/2011 12:45:26 AM

Valid to:

2/14/2012 12:45:26 AM

Subject:

E=steve@borho.org, CN=Steve Borho Open Source Developer, OU=Open Source Developer, O=Open Source Developer, C=US

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

07358B

File PE Metadata

Compilation timestamp:

11/10/2008 11:40:52 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:zr6aAEhHgdCem7VvS/DAK+YV5/44t+310qim+zAMJ4fAo45:6aAEFek6/DFDVi4t+Fim+cAo45

Entry address:

0x33D4

Entry point:

48, 83, EC, 28, E8, 87, 02, 00, 00, 48, 83, C4, 28, E9, FE, FC, FF, FF, CC, CC, 48, 83, EC, 28, 48, 8B, 01, 81, 38, 63, 73, 6D, E0, 75, 2B, 83, 78, 18, 04, 75, 25, 8B, 40, 20, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 06, E8, F7, 02, 00, 00, CC, 33, C0, 48, 83, C4, 28, C3, CC, CC, CC, 48, 83, EC, 28, 48, 8D, 0D, B1, FF, FF, FF, FF, 15, E3, 0B, 00, 00, 33, C0, 48, 83, C4, 28, C3, FF, 25, 86, 0D, 00, 00, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B... 
[+]

Code size:

10 KB (10,240 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

TortoiseHgOverlayIconServer

Command:

C:\Program Files\tortoisehg\tortoisehgoverlayserver.exe

Scan TortoiseHgOverlayServer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.