{1973748e-df8e-47e9-9fb7-9edbca2ccb16}.exe

iTools

Shenzhen Thinksky Technology Co.,Ltd

Publisher:
深圳创想天空科技有限公司  (signed by Shenzhen Thinksky Technology Co.,Ltd)

Product:
iTools

Description:
简单易用的苹果设备管理软件

Version:
1, 8, 2, 8

MD5:
e278d67dfbcc8bb765a5c0ea94f7b0cf

SHA-1:
678437dc0c77f03bd99fa7bcd7621aa1aac2fc94

SHA-256:
f29a8e5a357a60d1a17007c89300dd4ececd3f5731a94d09b26ced92ad7b8b89

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:11:15 AM UTC  (today)

File size:
6.8 MB (7,149,920 bytes)

Product version:
1, 8, 2, 8

Copyright:
Copyright (C) 2011-2013 ThinkSky

Original file name:
iTools.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{1973748e-df8e-47e9-9fb7-9edbca2ccb16}.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/18/2012 3:00:00 AM

Valid to:
5/19/2014 2:59:59 AM

Subject:
CN="Shenzhen Thinksky Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Thinksky Technology Co.,Ltd", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
436F252D3A04D8D97E1ACB45363E7F1A

File PE Metadata
Compilation timestamp:
11/18/2013 9:22:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:Bh022u5PeCntXpDA35swtzoJIHLjBpig7+xwLkpsEiTwpPqxHR9ulx4:Bzh59VUbpig7+xwLkps2sHr

Entry address:
0x3B24E6

Entry point:
E8, F9, 03, 00, 00, E9, 36, FD, FF, FF, FF, 25, 7C, 76, 84, 00, 6A, 08, B8, 40, 55, 80, 00, E8, 7C, 04, 00, 00, FF, 75, 08, 83, 65, FC, 00, E8, 92, FB, FF, FF, 59, 89, 45, EC, 8B, 45, EC, E8, 9A, 04, 00, 00, C3, 83, 65, EC, 00, B8, 12, 25, 7B, 00, C3, CC, FF, 25, 28, 77, 84, 00, 68, 85, 25, 7B, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 28, 30, 90, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45...
 
[+]

Entropy:
6.7644

Code size:
4.3 MB (4,481,024 bytes)

The file {1973748e-df8e-47e9-9fb7-9edbca2ccb16}.exe has been discovered within the following program.

Apple Application Support  by Apple Inc.
Apple Application Support is required to run iTunes, QuickTime and other Apple installed products (do not remove this if you use any of these programs). If you remove this program you will need to reinstall it in order for iTunes to load.
www.apple.com
6% remove it
 
Powered by Should I Remove It?

The file {1973748e-df8e-47e9-9fb7-9edbca2ccb16}.exe has been seen being distributed by the following 24 URLs.

http://www.capitalvaultsbits.com/nA hGmKrnXwQ27o5UtkxF98CCWeEWpNSzTjj0C8Y9sq6EYts2QycvIPfs5b_3U4blgakbSNTyj5FeOwO8RrmOQDtq08Tq3wLk12cVprV LEzBPH72lOeSyoEryRCz4APVxl hTOW0_dacu7j z r2hxidmsSTbPS3o2Y7T489Sltw0yZnAlh3I2nJjJmePPb6MYakmu7giHaOp1zSRtqYD75 w lvw==-GyoAAMRtbL6kuT0JgULBRA7Y20rggP7GOA_kjZEf7HTREKG393JcJg==

http://www.capitalvaultsbits.com/GyEj3rZH4vHh7VJrzBBg6WMqFSv2D0mSzkvzocrTDguZcDY_Nwy_2EP7IFhTtb1BdMi eFZh49gUZkPBtEHEELZtidLU7C8BKsPVT3LyotBg7NnBtwvfj2I3yinrcMhm37jbtZiL0SYiejjSP8xQ3A2xst2IyHyMlOjZHNAszILArWb73_mTXKWOo8o06rZEMHntNY2i3A7 ub1E dyah3NPXBVpDw==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://www.capitalvaultsbits.com/If78lqbHGcu6p7aW6sei4tw1VbfcnEicW viYWG243OwIy1u8ium4U0yAdT5IXutG4JijBl7dzWFbyWucliUM9DMab 8f2MSni6M9AuqtnyQemxJkkJ3H8zbjoKGcEkSPOuTVwpcwz9uGXfkr gYa5DjkcQ1Wo6uat4l7 10MYUNiv1ROMMdabgDcZBUvjt1YIuwXCuieGxqqymjn8eLqPEZoCL0Jg==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://www.capitalvaultsbits.com/SpJjv2GN0pyj Hu2gqGLgUag9IEgaCnoRqBf4xKKpF4fvvXfQBPDHy53X_UM6dwjgsduFT_Qo4P0W0vhyJ Ngtfk3xcykXX7F3vIvN5tKtO4s JkdiAYHmwV24DyfHUQcgOk8VExeeqUtYFrN1OMRG4mSHFA2vWsFcVyO_kVSSfcvwfYZE2ASvg1OeKarx2__rrGFHhwLUEYVPj2yq4aOQ2D9Zvg7A==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://dc362.4shared.com/download/.../iTools.exe

http://down.upf.co.il/downloadnew/file/.../678d2338950d2c4bf6f271d9f04c08a5?ip=79.176.99.93

http://www.capitalvaultsbits.com/V8zBSTdn94YYt1jMg2NZTv9Lv2UMKtMk6P5DbeLE9_WQnv_kuBXC614ZHfrPWNhNHq60hVIMqYQ9NRTtFmATRGW9HvrXwLchqcpvYzikY2_QwfmkewjxDLx9ByQbmG4x4EItAuMCGk8eKtVhitMX3P7ysP1O x9bUmoAi3dvEh9VFizNwD9ebIpIm8EmP6TegSUxGRhgBNsnYNGcmjhc08iOrApSow==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://www.capitalvaultsbits.com/dGC_zy7OrvjEMPpEXnd0fzov0hWh30WRlRZOjlzectwNW0Bdi0cO 4tou8YSsmGz6hvvvtpSvEvpkX0eplmELPgFz4k3UBbpjSij8nZqn6JOGR5lMvrgRWhF7BvKZ6q SKU0T9eoTb2msq2_flq0WWJaUqS12oYPSlHoQaE62OgGfVx46ZTkchg5nYcR5VBltvXlkFsw5sDhFovVzoUHRNyrI0rz4A==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://www.capitalvaultsbits.com/Im_Q2TKDLaiyFtZgjbyDsKcYO20eO2k1vPBk04Xh8PnzdxkrRvhsEFRT8G3pq9pRYUZ1Ibcz3QxjcYxIjyNcH2bu25GAsfycUphl379mKa5ZmE4mdAS0Evz2ktc HHL8i4hB7NqCAtMYu4YKrNZf_N5feYfvkgQlxhrg3789ZTKmylOKOAyMMpJR9qwAtXqjVvHIcdgxiTmU_rq Do87mFQffS4nPA==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://www.capitalvaultsbits.com/YNOE0N1PQ9pZrvsm mX vh38R87_OBFvZEl_dkyhJm0PbH49dTNzeDEhzVocSJEXmZqe6GbUSw1w4YF2_TE2FhjesGean1RBlDGXPE7a_5EWiCdryMe9fa0pLQLsm3SRvyNGZEv4bzaD5sdQkXGm39WZHU71e05ByG6c53Q4z9C_t0ikYltFQLZo eJovRI2URRsu jTgSwVwyvr9p0W7mLuH_eg8Q==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

http://www.capitalvaultsbits.com/gv6UDPtVkTWA9iPu5KYATkB0ycQZjQg9quAdzi46b1Q5mAGXVmWlCaPZPQ9eYIRRex nXeMeuQuq3l0mfk8vrv1U0IeohIeiA2HggmaboWfC7zKd8gN6VQWNxz0R7ccQ8NnA53AxnZIMzpUl_0Jp9_uw9CA2zzMWBnAxbUIxno6YiE26FJTg3f7SCA4qfrgIrmm 50Ys7K8d6FlLe2IyURBK3TW0bA==-GyoAAMRtbL4czelJCBQKJnLA3lYCB_Q3xnkgb4z8YKeLhgi9vZfjMgE=

https://docs.google.com/uc?authuser=0&id=0B8T4sQjOhEvnWlp5RDZJNjFZaWs&export=download

Scan {1973748e-df8e-47e9-9fb7-9edbca2ccb16}.exe - Powered by Reason Core Security