» jv16pt_preworker2.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

jv16pt_preworker2.exe

Macecraft Software (Macecraft Oy)

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘jv16 PT 2017 (System Startup Check)’. This file is installed with the program jv16 PowerTools 2017.

File name:

Publisher:

Macecraft Software (Macecraft Oy) (signed and verified)

MD5:

1c5218c8367c2fccbe2dfb8c36b5489a

SHA-1:

9cb07fa64ec2a7689896451cc3801c27e3c0c6a9

SHA-256:

f56ae5477be6d560b5a30089d6a983c1d3476aa98866f887dbf18571dced7f9b

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/15/2024 1:47:29 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.161223

Qihoo 360 Security

HEUR/QVM18.1.0000.Malware.Gen

1.0.0.1120

File size:

321.4 KB (329,112 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\jv16 powertools 2017\jv16pt_preworker2.exe

Digital Signature

Signed by:

Macecraft Software (Macecraft Oy)

Authority:

COMODO CA Limited

Valid from:

5/4/2015 4:30:00 AM

Valid to:

5/4/2017 4:29:59 AM

Subject:

CN=Macecraft Software (Macecraft Oy), O=Macecraft Software (Macecraft Oy), STREET=Isolinnankatu 21E, L=PORI, S=Satakunta, PostalCode=28100, C=FI

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2B19A97CD29B956096EFD458777284BA

File PE Metadata

Compilation timestamp:

12/13/2016 2:02:58 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x119AB0

Entry point:

60, BE, 00, D0, 4C, 00, 8D, BE, 00, 40, F3, FF, C7, 87, FC, 39, 0E, 00, C7, 57, 44, 39, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, CE, 72, 11, 00, 57, 83, C3, 04, 53, 68, 9F, CA, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9... 
[+]

Entropy:

7.9834 (probably packed)

Code size:

312 KB (319,488 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

jv16 PT 2017 (System Startup Check)

Command:

"C:\Program Files\jv16 powertools 2017\jv16pt_preworker2.exe" \sysstartupcheck \pC:"C:\Program Files\jv16 powertools 2017\"

The file jv16pt_preworker2.exe has been discovered within the following programs.

jv16 PowerTools 2017 by Macecraft Software

www.macecraft.com

About 5% of users remove it

Scan jv16pt_preworker2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.