» techprobaseinstall.exe
Overview
Analysis
File Details
Downloads (1)

techprobaseinstall.exe

MAHLE Powertrain LLC

This is a self-extracting archive and installer. The file has been seen being downloaded from dev.mahletechpro.com.

File name:

Publisher:

MAHLE Powertrain LLC (signed and verified)

MD5:

5c6372e03d76196da6de1903e05f633f

SHA-1:

77a31d82348d4edfdaa3f6ed3ec0ba531e28c3e9

SHA-256:

005c8fcfd7a7d89f6c10fe8f9eb1c0a217ba068565d635e8d662143ee47962dc

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 5:16:39 AM UTC (today)

File size:

115.5 MB (121,097,664 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\techprobaseinstall.exe

Digital Signature

Signed by:

MAHLE Powertrain LLC

Authority:

Symantec Corporation

Valid from:

5/3/2015 8:00:00 PM

Valid to:

10/31/2017 7:59:59 PM

Subject:

CN=MAHLE Powertrain LLC, O=MAHLE Powertrain LLC, L=Farmington Hills, S=Michigan, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

3951F55A24BD4119A06ACB0D2D3DEA64

File PE Metadata

Compilation timestamp:

1/20/2016 5:40:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

3145728:vatrDbrUywl6xiw/SZzuHwuU5IGyIjpnEWaJzd1ty9kulM:ClOc32awSGjEWybtyjlM

Entry address:

0x15AC

Entry point:

EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, C0, 4E, 00, A1, 9F, C0, 4E, 00, C1, E0, 02, A3, A3, C0, 4E, 00, 52, 6A, 00, E8, 3D, 9E, 0E, 00, 8B, D0, E8, 46, BF, 0D, 00, 5A, E8, 68, BE, 0D, 00, E8, 93, C0, 0D, 00, 6A, 00, E8, BC, DC, 0D, 00, 59, 68, 48, C0, 4E, 00, 6A, 00, E8, 17, 9E, 0E, 00, A3, A7, C0, 4E, 00, 6A, 00, E9, 23, 6B, 0E, 00, E9, EE, DC, 0D, 00, 33, C0, A0, 91, C0, 4E, 00, C3, A1, A7, C0, 4E, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, EC, 00, 00, 00, 0B, C9... 
[+]

Entropy:

7.9810 (probably packed)

Code size:

940 KB (962,560 bytes)

The file techprobaseinstall.exe has been seen being distributed by the following URL.

https://dev.mahletechpro.com/aws/v1/.../TechPROBaseInstall.exe

Scan techprobaseinstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.