home

webtmr.exe

Salfeld Computer GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ChicoSys’.
Publisher:
Salfeld Computer  (signed by Salfeld Computer GmbH)

Description:
Salfeld Security Software Timer

Version:
10.166.0.0

MD5:
65da609ac36230ba815b05e9c9ac55c1

SHA-1:
9d24ce7b3aa5230c58469e13d0559c78c9535515

SHA-256:
3efabb5a80d2a86a805d60b9e407cd57f6a28edd6255c9a8ae19cdc858559286

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 7:22:06 AM UTC  (today)

File size:
5 MB (5,251,512 bytes)

Product version:
1.0.0.0

Copyright:
Salfeld Computer

Trademarks:
Salfeld Computer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\cc32\webtmr.exe

Digital Signature
Signed by:
Salfeld Computer GmbH

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/23/2007 7:00:00 AM

Valid to:
7/15/2009 6:59:59 AM

Subject:
CN=Salfeld Computer GmbH, OU=SECURITY, O=Salfeld Computer GmbH, L=Reutlingen, S=BW, C=DE

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
2F609F8CCAC693DD4148B811E1356586

File PE Metadata
Compilation timestamp:
4/11/2009 7:38:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:zhgIGa+E5DnZIRoC+7b7FAnQM7dCkfsscxCjZZdS1/1zTc1yT0IhO+c4ee33Vo+/:zrGa+EtZOoT/BAQM7MTspZdi1c1Y9t

Entry address:
0x2C15C4

Entry point:
55, 8B, EC, 83, C4, E8, 53, 33, C0, 89, 45, E8, 89, 45, EC, B8, 7C, B1, 6B, 00, E8, 07, 69, D4, FF, 33, C0, 55, 68, 5D, 18, 6C, 00, 64, FF, 30, 64, 89, 20, A1, BC, 06, 6E, 00, C6, 00, 00, B8, 74, 18, 6C, 00, E8, 37, 03, FB, FF, A1, 10, 07, 6E, 00, BA, 90, 18, 6C, 00, E8, 6C, 3F, D4, FF, E8, DB, B9, FA, FF, 8B, D8, A1, 10, 07, 6E, 00, BA, 9C, 18, 6C, 00, E8, 56, 3F, D4, FF, E8, C5, B9, FA, FF, 83, FB, 1F, 7C, 14, 83, F8, 1F, 7C, 0F, B8, A8, 18, 6C, 00, E8, F9, 02, FB, FF, E8, 1C, 3D, D4, FF, 68, C4, 18, 6C...
 
[+]

Entropy:
6.5574

Developed / compiled with:
Microsoft Visual C++

Code size:
2.8 MB (2,885,632 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ChicoSys

Command:
C:\Windows\System32\cc32\webtmr.exe


Scan webtmr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.