home

total commander 601.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s10081.chomikuj.pl and multiple other hosts.
MD5:
03acf43f8cb423bdead16ced8af1945f

SHA-1:
b14923d94efa5ced77d60144106e538975d7e835

SHA-256:
b206247b42656719e606a71626c6d74939557b8839f57af83d3c33818961f610

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/17/2024 8:45:06 PM UTC  (today)

Scan engine
Detection
Engine version

ViRobot
Trojan.Win32.A.Badur.1473856[h]
2014.3.20.0

File size:
1.4 MB (1,473,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads e.d\total commander 601.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:T6sNGnso97u1r1rkqfRT53mVUIu3eVJjzpgkHSdLfgvo1ihEx3J7N1zwzeB8ezks:T6sNtkilOVJj+4SdLYBEhVN1zHujkei

Entry address:
0x771C

Entry point:
55, 8B, EC, 83, C4, F4, 53, E8, 98, B2, FF, FF, E8, EB, B9, FF, FF, E8, BE, C0, FF, FF, E8, 45, CD, FF, FF, E8, B8, D4, FF, FF, B0, 01, E8, 35, C4, FF, FF, 68, 03, 01, 00, 00, 68, C4, A1, 40, 00, A1, 0C, 90, 40, 00, 50, E8, F4, BA, FF, FF, 6A, 0F, E8, 05, BC, FF, FF, 50, E8, 57, BB, FF, FF, A3, E8, A4, 40, 00, B8, C8, A2, 40, 00, E8, A0, FB, FF, FF, 84, C0, 74, 4F, B8, C8, A2, 40, 00, E8, 7E, F0, FF, FF, E8, A1, F7, FF, FF, 84, C0, 74, 0A, B8, C8, A2, 40, 00, E8, 7F, FE, FF, FF, B8, C8, A2, 40, 00, E8, 8D...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
26 KB (26,624 bytes)

The file total commander 601.exe has been discovered within the following program.

Total Commander (Remove or Repair)  by Ghisler Software GmbH
Total Commander is an Orthodox File Manager (OFM) for Windows that features include a built-in FTP client, tabbed interface, file compare, archive file navigation, and a versatile multi-rename tool with regular expression support.
www.ghisler.com
8% remove it
 
Powered by Should I Remove It?

The file total commander 601.exe has been seen being distributed by the following 3 URLs.

http://s10081.chomikuj.pl/File.aspx?e=_C9ZZ4wNWeTj1C7w5_NTpYB6g4xMJkhlkEUfiWqlQW0HjDEZi1cUH1st23vBGUwb0ID3Q0qzKe2OyGaj1PzBMqo4ByZ1Mtfbl3SYpkGJv5ANII07oydhjsHi1-cNTkssre2EPz5kejnZGvN5H_AaAIcx4nvQx7UKiKX_siiBsBE&pv=2

http://s6122.chomikuj.pl/File.aspx?e=_C9ZZ4wNWeTj1C7w5_NTpYB6g4xMJkhlkEUfiWqlQW0u2FpxOVKT8VqgQkV5CL1FC508wmSJLaf-ZmjCB3uCaMPOARF42njpq77JgnTwGtniucPx5RReMS7s3GZTQstVdLfPPvkTGVnjDVnOZ8nk6g&pv=2

http://s6122.chomikuj.pl/File.aspx?e=_C9ZZ4wNWeTj1C7w5_NTpYB6g4xMJkhlkEUfiWqlQW1YdsEyy7BvOgIAw3eZ0RrahznPOp9alQ_R_s-ZMt6jebZ764WrcTTN6xGLHXMM-uPSFtBOlAaLtBcRxpJZRYIhMBdbS8BxVHmWyhKaiz47nw&pv=2

Scan total commander 601.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.