toolwizcares.exe

Toolwiz Care

XII CNC Inc.

The executable toolwizcares.exe has been detected as malware by 9 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler named ToolwizCareFree triggered to execute each time a user logs in.
Publisher:
Toolwiz  (signed by XII CNC Inc.)

Product:
Toolwiz Care

Version:
2.0.0.0

MD5:
2cc554cee846d89fc58ddf57145b28fc

SHA-1:
24170c45df27fda43820d9ea0fa14f35d98d460a

SHA-256:
8b6de3aa9ac6fd736389411d64b9ea363d16e377899416f9a779b4d581506bca

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/15/2024 7:40:28 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160518-2

AVG
Win32/Floxif
2015.0.4604

Dr.Web
Win32.FloodFix.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
16.07.20

ESET NOD32
Win32/Floxif.H virus
8.0.319.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.225.1868.0

Norman
Win32.Floxif.A
28.05.2016 15:32:18

File size:
5.1 MB (5,298,439 bytes)

Product version:
2.0

Copyright:
Copyright(c) 2012 by Toolwiz.com

Trademarks:
Toolwiz

Original file name:
Toolwiz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toolwizcarefree\toolwizcares.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/28/2012 5:00:00 PM

Valid to:
9/28/2013 4:59:59 PM

Subject:
CN=XII CNC Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyunggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE657C73341F9A5D7BDDD336C543E67

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:TrEsT1yBAaiUb5z25jrRidkBxP8UYYgNj:Tdqdz2VMdk9YYg9

Entry address:
0x2CECC0

Entry point:
E9, C1, 5F, F7, FF, F0, 53, B8, A8, E4, 6C, 00, E8, FF, 85, D3, FF, E8, B2, B4, DF, FF, E8, 01, F7, FF, FF, 33, C0, E8, 16, B0, DF, FF, E8, 31, 7A, DE, FF, 84, C0, 75, 34, BA, 40, EE, 6C, 00, B1, 01, B8, 68, EE, 6C, 00, E8, 34, 1F, D4, FF, 84, C0, 74, 0E, A1, 20, 37, 6E, 00, 8B, 00, E8, 00, 81, DE, FF, EB, 11, A1, 20, 37, 6E, 00, 8B, 00, E8, 7A, 80, DE, FF, E8, 09, 5B, D3, FF, BA, 40, EE, 6C, 00, B8, 68, EE, 6C, 00, B1, 01, E8, 00, 1F, D4, FF, 84, C0, 74, 1D, A1, 20, 38, 6E, 00, 80, B8, 5B, 01, 00, 00, 00...
 
[+]

Entropy:
7.1224

Packer / compiler:
Xtreme-Protector v1.05

Code size:
2.8 MB (2,940,928 bytes)

Scheduled Task
Task name:
ToolwizCareFree

Trigger:
Logon (Runs on logon)


Remove toolwizcares.exe - Powered by Reason Core Security