jv16pt_preworker2.exe

Macecraft Software (Macecraft Oy)

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘jv16 PT 2017 (System Startup Check)’. This is installed with jv16 PowerTools 2017 RC4.
Publisher:
Macecraft Software (Macecraft Oy)  (signed and verified)

MD5:
2a056211d77757ce66afaa4bd8b864f3

SHA-1:
fc90db916540fa3c2e4b1f8440a466beacc2c58c

SHA-256:
bce61bb98ec1abd7dcfa3675288665026f90b92caade697ef920baba5e4464bd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 1:31:02 PM UTC  (today)

File size:
319.4 KB (327,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\jv16 powertools 2017 rc4\jv16pt_preworker2.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/3/2015 5:00:00 PM

Valid to:
5/3/2017 4:59:59 PM

Subject:
CN=Macecraft Software (Macecraft Oy), O=Macecraft Software (Macecraft Oy), STREET=Isolinnankatu 21E, L=PORI, S=Satakunta, PostalCode=28100, C=FI

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B19A97CD29B956096EFD458777284BA

File PE Metadata
Compilation timestamp:
9/29/2016 5:46:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:pXOVHWVDk/cpxaejbdKyl4GzhCee1gEbOZSCLByUda1RR75OYv3jlvoSoQ:pX5hpH9XHPkbOZSCY1RR7z3jlvoSoQ

Entry address:
0x118390

Entry point:
60, BE, 00, C0, 4C, 00, 8D, BE, 00, 50, F3, FF, C7, 87, FC, 29, 0E, 00, D4, FD, 5A, 4D, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, CE, 62, 11, 00, 57, 83, C3, 04, 53, 68, 86, C3, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 
[+]

Entropy:
7.9850  (probably packed)

Code size:
308 KB (315,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
jv16 PT 2017 (System Startup Check)

Command:
"C:\Program Files\jv16 powertools 2017 rc4\jv16pt_preworker2.exe" \sysstartupcheck \pC:"C:\Program Files\jv16 powertools 2017 rc4\"


The file jv16pt_preworker2.exe has been discovered within the following program.

jv16 PowerTools 2017 RC4  by Macecraft Software
www.macecraft.com
About 3% of users remove it
 
Powered by Should I Remove It?

Scan jv16pt_preworker2.exe - Powered by Reason Core Security