tnbutil.exe

F-Secure CUIF

F-Secure Corporation

The executable tnbutil.exe has been detected as malware by 7 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘F-Secure TNB’.
Publisher:
F-Secure Corporation  (signed and verified)

Product:
F-Secure CUIF

Description:
TNBUtil

Version:
9, 20, 6270, 0

MD5:
4234b07bfd6e75578616b7fc94683356

SHA-1:
bca8d15046cfaff5244ac39d5ce1691064907feb

SHA-256:
9c8e02d0e3936295649d0010d805800c75eb586145e312ab7168e11afd04390d

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/27/2024 11:00:23 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Sality.Patched
8.3.2.4

Comodo Security
UnclassifiedMalware
23958

F-Prot
W32/Patched.Y.gen
v6.4.7.1.166

IKARUS anti.virus
Virus.Win32.Sality
t3scan.1.9.5.0

Qihoo 360 Security
Win32/Virus.7c2
1.0.0.1077

Rising Antivirus
PE:Junk.FileBroken!1.9A81 [F]
23.00.65.17311

VIPRE Antivirus
Trojan.Win32.Generic
46446

File size:
1.6 MB (1,653,360 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright (C) 2008-2009 F-Secure Corporation

Original file name:
tnbutil.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\f-secure\fsgui\tnbutil.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/25/2006 7:00:00 PM

Valid to:
12/15/2009 6:59:59 PM

Subject:
CN=F-Secure Corporation, OU=Research and Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=F-Secure Corporation, L=Helsinki, S=Helsinki, C=FI

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
598B4892BD1955EB9A888FF393B85237

File PE Metadata
Compilation timestamp:
11/6/2009 11:47:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x2E2AF

Entry point:
C3, C3, C3, C3, C3, C3, C3, C3, FF, FF, CC, CC, CC, 56, 43, 32, 30, 58, 43, 30, 30, 55, 8B, EC, 83, EC, 08, 53, 56, 57, 55, FC, 8B, 5D, 0C, 8B, 45, 08, F7, 40, 04, 06, 00, 00, 00, 0F, 85, C3, 00, 00, 00, 89, 45, F8, 8B, 45, 10, 89, 45, FC, 8D, 45, F8, 89, 43, FC, 8B, 73, 0C, 8B, 7B, 08, 53, E8, E3, C9, 00, 00, 83, C4, 04, 0B, C0, 0F, 8E, 8F, 00, 00, 00, 83, FE, FF, 0F, 84, 8D, 00, 00, 00, 8D, 0C, 76, 8B, 44, 8F, 04, 0B, C0, 74, 66, 56, 55, 8D, 6B, 10, 33, DB, 33, C9, 33, D2, 33, F6, 33, FF, FF, D0, 5D, 5E...
 
[+]

Code size:
272 KB (278,528 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
F-Secure TNB

Command:
"C:\Program Files\f-secure\fsgui\tnbutil.exe" \checkall \waitforsw


Remove tnbutil.exe - Powered by Reason Core Security