» jv16pt_preworker2.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

jv16pt_preworker2.exe

Macecraft Software (Macecraft Oy)

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘jv16 PT 2017 (System Startup Check)’. This file is installed with the program jv16 PowerTools 2017.

File name:

Publisher:

Macecraft Software (Macecraft Oy) (signed and verified)

MD5:

68356475a5386621266e2eb6126afb99

SHA-1:

7eb6a51bb77cf393b6224d999a658cd598ef0999

SHA-256:

3dc77374adb88b76ba02565c0800b553cae6bf3c316785bd7f6084e71d36cfd1

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/15/2024 1:42:07 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Suspicious.Cloud.9!c

2.1.4+

File size:

319.9 KB (327,576 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\jv16 powertools 2017\jv16pt_preworker2.exe

Digital Signature

Signed by:

Macecraft Software (Macecraft Oy)

Authority:

COMODO CA Limited

Valid from:

5/4/2015 8:00:00 AM

Valid to:

5/4/2017 7:59:59 AM

Subject:

CN=Macecraft Software (Macecraft Oy), O=Macecraft Software (Macecraft Oy), STREET=Isolinnankatu 21E, L=PORI, S=Satakunta, PostalCode=28100, C=FI

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2B19A97CD29B956096EFD458777284BA

File PE Metadata

Compilation timestamp:

10/14/2016 10:42:00 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:uXOVHWVDk/cpxaejbdKyl4GzhCee1gEbOZSCLByUda1RR75JlVRSIRroSz7:uX5hpH9XHPkbOZSCY1RR7DlVRSIhoSz7

Entry address:

0x118430

Entry point:

60, BE, 00, C0, 4C, 00, 8D, BE, 00, 50, F3, FF, C7, 87, FC, 29, 0E, 00, D4, FD, 5A, 4D, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, CE, 62, 11, 00, 57, 83, C3, 04, 53, 68, 24, C4, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9... 
[+]

Entropy:

7.9828 (probably packed)

Code size:

312 KB (319,488 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

jv16 PT 2017 (System Startup Check)

Command:

"C:\Program Files\jv16 powertools 2017\jv16pt_preworker2.exe" \sysstartupcheck \pC:"C:\Program Files\jv16 powertools 2017\"

The file jv16pt_preworker2.exe has been discovered within the following programs.

jv16 PowerTools 2017 by Macecraft Software

www.macecraft.com

About 5% of users remove it

Scan jv16pt_preworker2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.