» Tweak7SystemService.exe
Overview
Analysis
File Details
Behaviors (1)

Tweak7SystemService.exe

Tweak-7

Totalidea Software GmbH

It runs as a separate (within the context of its own process) windows Service named “Tweak7SystemService”.

File name:

Publisher:

Totalidea Software (signed by Totalidea Software GmbH)

Product:

Tweak-7

Description:

Tweak-7 System Service

Version:

1.0.1000.0

MD5:

11eca8e549a8a726c1a287af0fb5fbeb

SHA-1:

763fc86fce8a3572d594738f3f444f2db8c3519f

SHA-256:

73193aff5d30424b87f426c2e55bb22a849ef0cdad98586b8b26d6d98f836f7d

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 4:42:04 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Android.Trojan.GingerMaster.R

8.16.01.19.05

File size:

89.2 KB (91,304 bytes)

Product version:

1.0.1000.0

Trademarks:

Tweak-7

Original file name:

Tweak7SystemService.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Windows\System32\tweak7systemservice.exe

Digital Signature

Signed by:

Totalidea Software GmbH

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

5/14/2009 10:18:44 PM

Valid to:

8/11/2010 3:12:23 PM

Subject:

CN=Totalidea Software GmbH, OU=Development, O=Totalidea Software GmbH, L=Remscheid, S=NRW, C=DE

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

65DA3D78D1FD0B34856C06A65C63416F

File PE Metadata

Compilation timestamp:

11/22/2009 1:51:22 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:1nu+mcbFwW6CiEofhAo4ccvz2bS6w8jN7lqHmwOMzNQN9qL+KzZ:1nPmcbFsh74ccvz2bS6w8hpqHmQzNQNU

Entry address:

0xE8A0

Entry point:

FF, 25, 90, E8, 40, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, 0C, 04, 00, 00, 7B, 7A, 7D, 02, EB, 3C, A1, 6E, 64, 5C, 7A, C1, 9D, C7, D0, 8A, FF, 62, B5, F9, 71, DD, 07, 33, 27, 8D, 04, 77, 8A, 6A, F6, C0, 72, AD, D0, 60, 5C, A6, A8, 16, D4, EE, A7, 79, 39, DD, 9A, 06, 2D, 4A, 57, 9E, 23, D3, 8D, 73, 6F, 16, FE, E2, 19, C7, 52, 9B, B8, 72, 14, FC, 62, 01, 2A, 47, C7, 8D, 6A, 7C, 75, 5C, CF, D7, 4C, A8, F4, E0, 9B, B0, 6A, 43, 7B, 72, 1C, 43... 
[+]

Entropy:

6.0280

Code size:

79.5 KB (81,408 bytes)

Service

Display name:

Tweak7SystemService

Description:

Tweak-7 System Service - executes and enables system tweak actions

Type:

Win32OwnProcess

Scan Tweak7SystemService.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.