ransomfix64.exe

Trend Micro iRobot

Trend Micro Inc.

This file is a setup program used to install the application. It is installed with Trend Micro Maximum Security. The file has been seen being downloaded from spnsupport.trendmicro.com and multiple other hosts.

Publisher:
Trend Micro Inc.

Product:
Trend Micro iRobot

Description:
Trend Micro Anti-Threat Toolkit

Version:
1.61.0.1081

MD5:
66ba0db860cb6b790361355654e180af

SHA-1:
70a37218713c6a7dacb3027796fd715aa6effe78

SHA-256:
6957b7c9a271a709101ae03703850256a0b97de561b35e9e3e18a39f898d43d0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 3:44:26 PM UTC

File size:
114.6 MB (120,214,108 bytes)

Product version:
1.61

Copyright:
Copyright (C) 2014 Trend Micro Incorporated. All rights reserved.

Trademarks:
Copyright (C) Trend Micro Inc.

Original file name:
SupportWrapper.exe

File type:
Executable application (Win64 EXE)

Language:
Chinese (Taiwanese)

File PE Metadata
Compilation timestamp:
1/2/2014 1:12:25 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3145728:ev90BKYisS9RhOmyh2Hi2pucyEhCcF1Fhtic:e10oRsS7hOmyh2Hv2ERFjhtx

Entry address:
0x4E054

Entry point:
48, 83, EC, 28, E8, 27, BB, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 2B, D1, 4C, 8B, CA, F6, C1, 07, 74, 1B, 8A, 01, 42, 8A, 14, 09, 3A, C2, 75, 56, 48, FF, C1, 84, C0, 74, 57, 48, F7, C1, 07, 00, 00, 00, 75, E6, 90, 49, BB, 00, 01, 01, 01, 01, 01, 01, 81, 4A, 8D, 14, 09, 66, 81, E2, FF, 0F, 66, 81, FA, F8, 0F, 77, CB, 48, 8B, 01, 4A, 8B, 14, 09, 48, 3B, C2, 75, BF, 49, BA, FF, FE, FE, FE, FE, FE...
 

Code size:
520 KB (532,480 bytes)

The file ransomfix64.exe has been discovered within the following program.

Trend Micro Maximum Security by Trend Micro Inc.
www.trendmicro.com
About 6% of users remove it
 

The file ransomfix64.exe has been seen being distributed by the following 2 URLs.
