jv16pt_preworker1.exe

Macecraft Software (Macecraft Oy)

It is set to execute automatically when any user logs into Windows (through the local machine Run registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) with the name ‘jv16 PT 2017 (Pictures AntiSpy)’. It is installed with jv16 PowerTools 2017 RC4.

Publisher:
Macecraft Software (Macecraft Oy)  (signed and verified)

MD5:
8feb7becd08549dfebf463c0118e7530

SHA-1:
55b433748e111603f7b445d40c90740861cf6225

SHA-256:
5ed8b4a32802e200fd6a3b62d3b27c9f0249f16b57e0e8f26e7c944f65e0fab3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 1:21:11 PM UTC

File size:
451.4 KB (462,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\jv16 powertools 2017 rc4\jv16pt_preworker1.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/3/2015 5:00:00 PM

Valid to:
5/3/2017 4:59:59 PM

Subject:
CN=Macecraft Software (Macecraft Oy), O=Macecraft Software (Macecraft Oy), STREET=Isolinnankatu 21E, L=PORI, S=Satakunta, PostalCode=28100, C=FI

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B19A97CD29B956096EFD458777284BA

File PE Metadata
Compilation timestamp:
9/29/2016 5:55:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:fDHT2GNJi2eeDoqCBYKal4jMMAKkAeK5sPEqoSByK:fDHT2kiEcW4jMMAKDz5i3yK

Entry address:
0x185010

Entry point:
60, BE, 00, 80, 51, 00, 8D, BE, 00, 90, EE, FF, C7, 87, 00, 7A, 14, 00, F7, E7, 44, 3A, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, F2, 34, 18, 00, 57, 83, C3, 04, 53, 68, 03, D0, 06, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 

Entropy:
7.9885  (probably packed)

Code size:
440 KB (450,560 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
jv16 PT 2017 (Pictures AntiSpy)

Command:
"C:\Program Files\jv16 powertools 2017 rc4\jv16pt_preworker1.exe" \picantispy \pC:"C:\Program Files\jv16 powertools 2017 rc4\"


The file jv16pt_preworker1.exe has been discovered within the following program.

jv16 PowerTools 2017 RC4  by Macecraft Software
www.macecraft.com
About 3% of users remove it
 