totalsystemcare-setup.exe

TotalSystemCare

SafeBytes Software Inc.

The application totalsystemcare-setup.exe by SafeBytes Software has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Total System Care by SafeBytes Software Inc. The file has been seen being downloaded from www.fixmypcfree.com.

Publisher:
SafeBytes Software Inc.  (signed and verified)

Product:
TotalSystemCare

Version:
1.4.0.1

MD5:
ea3330573c756218402c69520467450c

SHA-1:
784c98688e85bc0b9e2d80eddf7526e7a5982364

SHA-256:
e388a5dc674b7aeecc86078436790b012df9ff14daf39f51d866f67c40f4cca6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 12:21:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.6.7.11

File size:
1.2 MB (1,212,464 bytes)

Product version:
1.4.0.1

Copyright:
Copyright (c) 2016 SafeBytes Software Inc.

Trademarks:
Copyright (c) 2016 SafeBytes Software Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\totalsystemcare-setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
10/21/2015 5:00:00 PM

Valid to:
9/10/2017 4:59:59 PM

Subject:
CN=SafeBytes Software Inc., O=SafeBytes Software Inc., L=Mascouche, S=Quebec, C=CA, SERIALNUMBER=8678359, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
246A1D5D12699D0EB7FE724D899B4CFC

File PE Metadata
Compilation timestamp:
12/24/2013 9:03:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:dVlI8/6CW4d6tRFzxoM2b4v0IhclyBghXfA8U3aaMXaamm+T5zgRk:PlgB40FzxoMq4vHWwupXm9dgRk

Entry address:
0x355D

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 10, A8, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 2C, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 14, 81, 40, 00, 53, FF, 15, 98, 82, 40, 00, 6A, 08, A3, F8, 08, 43, 00, E8, 72, 30, 00, 00, A3, 44, 08, 43, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 60, A0, 42, 00, FF, 15, 64, 81, 40, 00, 68, 00, A8, 40, 00, 68, 40, 00, 43, 00, E8, 6F, 2B, 00, 00, FF, 15, 20, 81, 40, 00, BD, 00, 60, 43, 00, 50, 55, E8, 5D, 2B...
 

Entropy:
7.9756

Packer / compiler:
Nullsoft install system v2.x

Code size:
25.5 KB (26,112 bytes)

The file totalsystemcare-setup.exe has been discovered within the following program.

Total System Care by SafeBytes Software Inc.
www.totalsystemcare.com
About 6% of users remove it
 

The file totalsystemcare-setup.exe has been seen being distributed by the following URL.
