home

worktime.exe

NesterSoft Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WorkTime’.
Publisher:
NesterSoft Inc.  (signed and verified)

Version:
4.0.7.167

MD5:
077917a9c73f2ab970d167eef211268a

SHA-1:
bae7dfd6683d21d5a2ea3766fff5647e9685136e

SHA-256:
03b0718fe7ff02234e3a9d65d45e9c5462ccb83f01c42808dcd092d37b556704

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 11:29:54 AM UTC  (today)

File size:
1.3 MB (1,394,352 bytes)

Product version:
4.0.3

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\worktime\worktime.exe

Digital Signature
Signed by:
NesterSoft Inc.

Authority:
The USERTRUST Network

Valid from:
11/18/2007 9:00:00 PM

Valid to:
11/18/2009 8:59:59 PM

Subject:
CN=NesterSoft Inc., O=NesterSoft Inc., STREET=40 Sarno st, L=Woodbridge, S=ON, PostalCode=L4H1X6, C=CA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00BD7B4D8DB71EECC7A9330046460DD3C3

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1000

Entry point:
68, 01, C0, 7E, 00, E8, 01, 00, 00, 00, C3, C3, 95, 59, 60, A5, 6B, E6, 04, 10, E0, 16, 02, 5D, 1B, 9E, B1, FD, EB, 83, 0E, 30, 1B, 17, 04, 2D, 07, 96, C5, 14, 7A, 80, 68, 32, 24, 31, 1C, 75, 35, 76, 60, 81, 07, 8F, DF, 34, 98, 5F, 84, A3, 1A, 0B, 2C, EB, D3, B7, 1B, DF, 95, DF, F9, 35, 2A, 67, 60, 02, FC, D3, B4, F9, DF, BC, 1A, D6, 5A, 88, 0F, 53, 1F, 39, 3D, 53, 75, EB, E8, F4, AB, D2, F1, D1, 0B, F1, 3C, 8E, C0, 30, 8B, A7, 1C, 55, 70, AC, A6, 27, 27, 5F, 59, 03, DF, D3, C2, AE, C9, E3, FE, 35, 2A, 95...
 
[+]

Entropy:
7.9778

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
3 MB (3,117,568 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WorkTime

Command:
C:\Program Files\worktime\worktime.exe


Scan worktime.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.