home

uninstalltoolwizcare.exe

ToolWiz Care

XII CNC Inc.

This is a setup program which is used to install the application. This file is installed with the program Toolwiz Care. The file has been seen being downloaded from www.toolwiz.com and multiple other hosts.
Publisher:
ToolWiz  (signed by XII CNC Inc.)

Product:
ToolWiz Care

Version:
3.1.0.5000

MD5:
9e43788e435f0ddd4b846200217c5041

SHA-1:
e5513224f5d2a85c2b3ae81a209e03714476a37b

SHA-256:
d888776bd81ede82cdf1d13c92faa4234e022cdd2516f067b0278e2867652237

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/15/2024 6:15:41 PM UTC  (today)

Scan engine
Detection
Engine version

McAfee
Artemis!27245476E23B
5600.7209

Norman
Sality.A[gs]
11.20140224

Rising Antivirus
PE:Trojan.Agent!6.670
23.00.65.14121

Trend Micro House Call
TROJ_GEN.F47V1224
7.2.55

File size:
7.3 MB (7,619,856 bytes)

Product version:
2.0

Copyright:
Copyright(c) 2013 by ToolWiz.com

Trademarks:
ToolWiz

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\toolwizcarefree\uninstalltoolwizcare.exe

Digital Signature
Signed by:
XII CNC Inc.

Authority:
VeriSign, Inc.

Valid from:
9/10/2013 1:00:00 AM

Valid to:
11/10/2014 12:59:59 AM

Subject:
CN=XII CNC Inc., OU=R&D Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0EA8B60149BC1FE40C91216292149AA7

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:XNIJrk2pafwqSxgIdgSIi0WlMjlze0GnUBQDTb:XNIJQ2goJOIOIhqHGn3

Entry address:
0xFDB001

Entry point:
60, E9, 3D, 04, 00, 00, EB, B3, 38, 7A, 03, 7C, 3C, C1, 33, AE, 78, 7A, 00, 4A, 17, E7, D3, A8, 78, 7A, 80, 2A, C0, 33, 47, 97, 3C, F3, 9E, 6B, 75, 3E, 03, 98, B9, 1C, 00, 97, 3C, BD, 86, A4, 05, 3E, 03, 97, 3C, 7A, 03, 1A, B9, 7E, 49, D3, 3C, 2A, FC, 02, 3C, 31, 47, 97, B5, FF, 03, DD, 78, 7A, 88, 6F, B1, E7, 12, DD, 78, 7A, 50, C7, C3, EF, FF, DD, 78, 7A, 8A, 12, C0, 45, 47, 97, B1, E7, 1D, DD, 78, 7A, 50, C0, C3, EF, FF, DD, 78, 7A, 8A, 12, 3C, 3A, 47, 97, B1, FF, B6, AE, 78, 7A, FC, 77, E4, 13, 16, 97...
 
[+]

Entropy:
7.9945

Packer / compiler:
ASPack v2.11

Code size:
1.3 MB (1,400,832 bytes)

The file uninstalltoolwizcare.exe has been discovered within the following program.

Toolwiz Care  by ToolWiz
Publisher's description - “ToolWiz Care is a set of free-of-charge tools designed to speed up your PC and give your system a full range of care.”
www.Toolwiz.com
4% remove it
 
Powered by Should I Remove It?

The file uninstalltoolwizcare.exe has been seen being distributed by the following 2 URLs.

http://www.toolwiz.com/download.php?action=ToolWizCare

http://bcs.duapp.com/btowssoft/.../Setup.exe

Scan uninstalltoolwizcare.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.