iTools.exe

iTools

Shenzhen Thinksky Technology Co.,Ltd

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from download619.mediafire.com and multiple other hosts.

Publisher:
ThinkSky  (signed by Shenzhen Thinksky Technology Co.,Ltd)

Product:
iTools

Description:
One-stop ios device manager

Version:
1, 8, 1, 3

MD5:
664b7913519a92df1cbae9d060178245

SHA-1:
44317a844c313fc6a86a46eee009a87bf3fee0a0

SHA-256:
ec86a10769519f37d14bf112839a2974add40a3b9b21af328610eaab32788101

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:32:49 AM UTC  (today)

File size:
6.5 MB (6,789,512 bytes)

Product version:
1, 8, 1, 3

Copyright:
Copyright (C) 2011-2013 ThinkSky

Original file name:
iTools.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\compressed\itools0524e_2\itools0524e\itools\itools.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/18/2012 3:00:00 AM

Valid to:
5/19/2014 2:59:59 AM

Subject:
CN="Shenzhen Thinksky Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Thinksky Technology Co.,Ltd", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
436F252D3A04D8D97E1ACB45363E7F1A

File PE Metadata
Compilation timestamp:
5/24/2013 11:58:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:LlEXsulaNfWVZ2y/OKDUePLj7oLZvv8lCgEGeQr0gTaJPU:oblSiALZvv8lOGTggF

Entry address:
0x3A72D8

Entry point:
E8, C7, 03, 00, 00, E9, 36, FD, FF, FF, FF, 25, 44, B6, 83, 00, FF, 25, 20, B7, 83, 00, CC, CC, 68, 49, 73, 7A, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 20, 40, 8F, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24...
 
Entropy:
6.8112

Code size:
4.2 MB (4,431,872 bytes)

Scheduled Task
Task name:
{63E53593-87AC-421C-A2D3-2E4F0045D1FF}

Trigger:
Registration (Runs on registration)


The file iTools.exe has been discovered within the following programs.

Apple Application Support by Apple Inc.
Apple Application Support is required to run iTunes, QuickTime and other Apple installed products (do not remove this if you use any of these programs). If you remove this program you will need to reinstall it in order for iTunes to load.
www.apple.com
6% remove it

iTools 0524 by Company
About 8% of users remove it
 

The file iTools.exe has been seen being distributed by the following 11 URLs.

http://download619.mediafire.com/ksa44x8kycog/.../iTools.exe

http://download2145.mediafire.com/hufsgq5gsawg/.../iTools.exe

http://download1510.mediafire.com/a8nw4beobbig/.../iTools.exe

http://download2145.mediafire.com/1211b2lrexlg/.../iTools.exe
