home

tb_free.exe

CHENGDU YIWO Tech Development Co., Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from soft.archive1.clubic.com and multiple other hosts.
Publisher:
CHENGDU YIWO Tech Development Co., Ltd.  (signed and verified)

Version:
6.5

MD5:
d8895060f2e5ae00e6be88f116c3490f

SHA-1:
37be2a973b46e15ed89c96005ec6b284f706e33f

SHA-256:
fb1215fb790272da8e0cba954d48844db521170ffb5fd67a6c9896660da9b917

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 3:24:26 PM UTC  (today)

File size:
127.3 MB (133,449,800 bytes)

Product version:
6.5

Copyright:
Copyright © 2005-2013 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\easeus\easeus partition master 9.3.0\bin\tb_free.exe

Digital Signature
Signed by:
CHENGDU YIWO Tech Development Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
4/22/2012 7:00:00 PM

Valid to:
9/11/2014 6:59:59 PM

Subject:
CN="CHENGDU YIWO Tech Development Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="CHENGDU YIWO Tech Development Co., Ltd.", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
33C34CCA6E6816B62B677D44B06835E5

File PE Metadata
Compilation timestamp:
10/9/2012 3:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3145728:+rDX4xVMXl9TpfVsHz3HH+oWqyVrY5wBD6LP:+fb19/sHz3HebnVrlJoP

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 
[+]

Entropy:
7.9997

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file tb_free.exe has been discovered within the following program.

360Amigo System Speedup Free  by 360Amigo
360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file tb_free.exe has been seen being distributed by the following 9 URLs.

http://soft.archive1.clubic.com/files/618ba20f917cd44b9554b564fe9f1262/52e00565/.../easeus-todo-backup_6-5_fr_307534.exe

http://www.avlabsoftware.com/.../EaseUS_ToDo.Backup.Free_6.5.exe

http://dl.cdn.chip.de/downloads/.../tb_65free.exe

http://www.komputerpc.pl/programy/.../easeus_todo_backup_free_6.5(www.komputerpc.pl).exe

http://majorgeeks.mirror.internode.on.net/.../tb_free.exe

http://files1.majorgeeks.com/bf201d5407a6509fa536afc4b380577e/.../tb_free.exe

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://www.easeus-software.com/.../tb_free.exe

http://software-files-a.cnet.com/s/software/13/57/07/.../tb_free.exe

Scan tb_free.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.