setup_toolwizcare.exe

ToolWiz Care

XII CNC Inc.

This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program Toolwiz Care by ToolWiz Care. This file is installed with the program Toolwiz Care. The file has been seen being downloaded from dl.dropboxusercontent.com and multiple other hosts.
Publisher:
ToolWiz  (signed by XII CNC Inc.)

Product:
ToolWiz Care

Version:
3.1.0.5300

MD5:
405b68f4c4b3050ae5c0dcf5936f1f1d

SHA-1:
d0c9b4ebcae244b615ab4fbd52dfee8f442eb3ef

SHA-256:
c8f4a3dc28d0492577f378441ff29caee9d5a719c889fd9454a93d37731faf2e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 10:40:06 AM UTC  (today)

Scan engine:
Rising Antivirus

Detection:
PE:Trojan.Agent!6.670

Engine version:
23.00.65.14122

File size:
7.1 MB (7,400,720 bytes)

Product version:
2.0

Copyright:
Copyright(c) 2013 by ToolWiz.com

Trademarks:
ToolWiz

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup_toolwizcare.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/10/2013 4:00:00 AM

Valid to:
11/10/2014 3:59:59 AM

Subject:
CN=XII CNC Inc., OU=R&D Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0EA8B60149BC1FE40C91216292149AA7

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:5jFqBot1WbSkpTcc1IjdI5xmbl9v12rgfu:hFZ1vK7mbUrQu

Entry address:
0xF9D001

Entry point:
60, E9, 3D, 04, 00, 00, E9, 24, 04, 00, 01, EB, 00, BB, 31, 39, 44, 00, 04, DD, 2B, 9D, D1, 3F, 44, 00, 84, BD, FC, 49, 45, 00, 00, 89, 9E, FC, 49, 44, 01, 0F, 85, 66, 04, 00, 00, C7, 86, 33, 39, 44, 01, 00, 00, 00, 01, 8D, 85, 04, 4B, 44, 00, 50, 00, 96, 00, 4B, 45, 00, 89, 85, 01, 4A, 44, 00, 8C, F8, 8D, 9D, 12, 4A, 44, 00, 54, 50, FF, 95, FD, 4A, 44, 00, 8A, 85, FC, 3F, 45, 00, 8D, 9D, 1F, 4A, 44, 00, 54, 57, FF, 95, FD, 4A, 44, 00, 8A, 85, 00, 40, 45, 00, 8D, 85, B6, 39, 44, 00, 00, E1, 00, 6A, 16, 00...
 

Packer / compiler:
ASProtect v1.1

Code size:
1.3 MB (1,400,832 bytes)

Program Uninstaller
Program name:
Toolwiz Care

Display publisher:
ToolWiz Care

Display version:
3.1.0.5300

Uninstall string:
"C:\Program Files (x86)\ToolwizCareFree\UninstallToolwizCare.exe" /REMOVE


The file setup_toolwizcare.exe has been discovered within the following programs.

Portable Start Menu 3.2  by aignes.com
www.aignes.com
About 5% of users remove it
Toolwiz Care  by ToolWiz
Publisher's description - “ToolWiz Care is a set of free-of-charge tools designed to speed up your PC and give your system a full range of care.”
www.Toolwiz.com
4% remove it
 

The file setup_toolwizcare.exe has been seen being distributed by the following 7 URLs.
