Adware_Removal_Tool_by_TSA.exe

Adware_Removal_Tool_by_TSA

Pawan Kumar

This is a setup program which is used to install the application. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Publisher:
Pawan Kumar  (signed and verified)

Product:
Adware_Removal_Tool_by_TSA

Version:
4.1.0.0

MD5:
4baba237c439e9d19d1f9c119fb1bd9b

SHA-1:
726e57891ef833b27883af1ca799fa4ac590844a

SHA-256:
8199edc581fe08b7defdef0e77401127361d6999dd52bbe9a2bad69ad7b7cc7f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 10:03:35 AM UTC  (today)

File size:
684.2 KB (700,584 bytes)

Product version:
4.1.0.0

Copyright:
Copyright © 2015

Original file name:
Adware_Removal_Tool_by_TSA.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adware_removal_tool_by_tsa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/29/2014 1:00:00 AM

Valid to:
10/29/2016 1:59:59 AM

Subject:
CN=Pawan Kumar, OU=Software Development, O=Pawan Kumar, STREET=H NO 453/19 kailash Colony, STREET=Shanti vihar Near ITI Sonipat, L=Sonipat, S=Haryana, PostalCode=131001, C=IN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
317DD1C55F51AC2756D9C93C060C6FA5

File PE Metadata
Compilation timestamp:
8/3/2015 12:37:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:fLVzAs0rLVz0gQAHoLV4IDABaF56+Aq4WBTWpSqXhpeEioU2UoV21OFKEsxr2OLL:qCUUo+ONXiEiJ2tZG

Entry address:
0xA219E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 71, 44, BF, 55, 00, 00, 00, 00, 02, 00, 00, 00, A3, 00, 00, 00, 1C, 40, 0A, 00, 1C, 06, 0A, 00, 52, 53...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
640.5 KB (655,872 bytes)

The file Adware_Removal_Tool_by_TSA.exe has been seen being distributed by the following 15 URLs.

https://docs.google.com/uc?authuser=0&id=0B-aiVpmF4l7YWUtOWmJzc1M1djg&export=download

https://www.gatsupport.com/download.aspx

https://dl-web.dropbox.com/.../Adware_Removal_Tool_by_TSA.exe

Scan Adware_Removal_Tool_by_TSA.exe - Powered by Reason Core Security