» uninstalltoolwizcare.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

uninstalltoolwizcare.exe

ToolWiz Care

XII CNC Inc.

This is a setup program which is used to install the application. This file is installed with the program Toolwiz Care. The file has been seen being downloaded from www.toolwiz.com and multiple other hosts.

File name:

Publisher:

ToolWiz (signed by XII CNC Inc.)

Product:

ToolWiz Care

Version:

3.1.0.5200

MD5:

3091476d67a18f4fcf2a7396df49c0b6

SHA-1:

d6fd53e4fc09d593e021ef988d7ff2b3d8cc8fbf

SHA-256:

503e3110a6d07c911765ea8af32bfafed5092adfeccbae2749204cf7f0d9dd0e

Scanner detections:

4 / 68

Status:

Clean (4 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 12:34:19 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Artemis!27245476E23B

5600.7205

Norman

Sality.A[gs]

11.20140228

Rising Antivirus

PE:Trojan.Agent!6.670

23.00.65.14123

Trend Micro House Call

TROJ_GEN.F47V1224

7.2.59

File size:

7.1 MB (7,403,280 bytes)

Product version:

2.0

Trademarks:

ToolWiz

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\toolwizcarefree\uninstalltoolwizcare.exe

Digital Signature

Signed by:

XII CNC Inc.

Authority:

VeriSign, Inc.

Valid from:

9/10/2013 3:00:00 AM

Valid to:

11/10/2014 1:59:59 AM

Subject:

CN=XII CNC Inc., OU=R&D Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyeonggi-do, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0EA8B60149BC1FE40C91216292149AA7

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:Ckr/YqqgJoJqJIoegRGkucWbZpFr93+Mqg2T/nsrbt0TXf3KdTKV55NtZFFIFtgu:XYqBowIW/WZzr9375w3f82V55NqPX+3o

Entry address:

0xFA0001

Entry point:

60, E9, 3D, 04, 00, 00, D1, 1D, 3D, 39, 39, D2, 39, 82, 09, 00, 7D, 39, 3A, E4, 12, A4, E9, 06, 7D, 39, BA, 84, C5, 70, 7D, 39, 39, B0, A4, C5, 70, 7D, 39, 36, BC, 5F, 3A, 39, 39, FE, BC, 0A, 00, 7D, 39, 39, 39, 39, 39, B4, BC, 3D, 73, 7D, 39, 69, C6, AC, 39, 72, 7D, 39, B0, BC, 39, 73, 7D, 39, B2, C1, B4, A4, 28, 73, 7D, 39, 6A, 69, C6, AC, C5, 73, 7D, 39, B0, BC, C5, 06, 7D, 39, B4, A4, 27, 73, 7D, 39, 6A, 6E, C6, AC, C5, 73, 7D, 39, B0, BC, 39, 79, 7D, 39, B4, BC, 8C, 00, 7D, 39, C6, D9, E1, 50, 2C, 39... 
[+]

Entropy:

7.9942

Packer / compiler:

ASPack v2.11

Code size:

1.3 MB (1,400,832 bytes)

The file uninstalltoolwizcare.exe has been discovered within the following program.

Toolwiz Care by ToolWiz

Publisher's description - “ToolWiz Care is a set of free-of-charge tools designed to speed up your PC and give your system a full range of care.”

www.Toolwiz.com

4% remove it

The file uninstalltoolwizcare.exe has been seen being distributed by the following 2 URLs.

http://www.toolwiz.com/download.php?action=ToolWizCare

http://www.toolwiz.com/.../Setup_ToolwizCare.exe

Scan uninstalltoolwizcare.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.