home

tc64.exe

Ghisler Software GmbH

This is a setup and installation application. This is installed with Total Commander (Remove or Repair). The file has been seen being downloaded from wincmd.ru and multiple other hosts.
Publisher:
Ghisler Software GmbH  (signed and verified)

Description:
Total Commander Auto-Installer

Version:
8.0

MD5:
519b000412788917a5e51c706c122b64

SHA-1:
7686c6d4c952726f7a9de7350debeb44ce1c2eb8

SHA-256:
7052d7e105d12ed6dd845bd852490f42c31f3ee4d562b78de63746e7b6d00a6d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 6:14:02 AM UTC  (today)

File size:
4.1 MB (4,324,352 bytes)

Copyright:
Copyright © Ghisler Software GmbH 1993-2011

Original file name:
sfxhead.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tc64.exe

Digital Signature
Signed by:
Ghisler Software GmbH

Authority:
VeriSign, Inc.

Valid from:
8/26/2011 2:00:00 AM

Valid to:
8/26/2012 1:59:59 AM

Subject:
CN=Ghisler Software GmbH, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ghisler Software GmbH, L=Bolligen, S=Bern, C=CH

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1CD8517B2373647496D551377199DEB5

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.44

CTPH (ssdeep):
98304:Rga9tFN6ZC3ChcW230VX5b0pQ3JBfIjmJcXz6ltRz8M1iyD:RFF0NcqVX7ZBfgtX2Rz8oiyD

Entry address:
0x12DF0

Entry point:
55, 48, 89, E5, 48, 83, EC, 40, C6, 05, 11, 08, 03, 00, 00, E8, 6C, FF, FF, FF, C9, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 55, 48, 89, E5, 48, 81, EC, B0, 00, 00, 00, 48, 89, 5D, A8, 48, 89, 75, B0, 48, 89, 4D, F8, C6, 45, F0, 00, 48, BE, 00, 00, 00, 00, 00, 00, 00, 00, 48, 8D, 5D, E0, E8, 02, E6, FE, FF, 89, C1, 48, 8B, 55, F8, 41, B9, 10, 00, 00, 00, 48, 89, 74, 24, 20, 49, 89, D8, E8, F9, E5, FE, FF, 85, C0, 74, 02, EB, 05, E9, F5, 00, 00, 00, C7, 45, B8, 00, 00, 00, 00, C6, 45, D8, 01, E9, CF, 00...
 
[+]

Code size:
226 KB (231,424 bytes)

The file tc64.exe has been discovered within the following program.

Total Commander (Remove or Repair)  by Ghisler Software GmbH
Total Commander is an Orthodox File Manager (OFM) for Windows that features include a built-in FTP client, tabbed interface, file compare, archive file navigation, and a versatile multi-rename tool with regular expression support.
www.ghisler.com
8% remove it
 
Powered by Should I Remove It?

The file tc64.exe has been seen being distributed by the following 2 URLs.

http://wincmd.ru/en/.../tcm80x64.exe

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcm80x64.exe&kat=app&hash=823d087d4c81698eb17a5072eba680a4

Scan tc64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.