» totalsystemcare-setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

totalsystemcare-setup.exe

TotalSystemCare

SafeBytes Software Inc.

The application totalsystemcare-setup.exe by SafeBytes Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Total System Care by SafeBytes Software Inc.. The file has been seen being downloaded from download.totalsystemcare.com.

File name:

Publisher:

SafeBytes Software Inc. (signed and verified)

Product:

TotalSystemCare

Version:

1.4.0.1

MD5:

b50e08d6c90b5c2c32fc05a490002006

SHA-1:

b2df0c9b8198827106346262bc28985b640df260

SHA-256:

4c6b6f634d8f0a977e89989b1d69eddea87b408db47e57704e6246ce20e58ef4

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

12/26/2024 12:50:58 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.6.9.22

File size:

1.2 MB (1,213,296 bytes)

Product version:

1.4.0.1

Trademarks:

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\totalsystemcare-setup.exe

Digital Signature

Signed by:

SafeBytes Software Inc.

Authority:

Symantec Corporation

Valid from:

10/22/2015 5:30:00 AM

Valid to:

9/11/2017 5:29:59 AM

Subject:

CN=SafeBytes Software Inc., O=SafeBytes Software Inc., L=Mascouche, S=Quebec, C=CA, SERIALNUMBER=8678359, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

246A1D5D12699D0EB7FE724D899B4CFC

File PE Metadata

Compilation timestamp:

12/25/2013 10:33:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:AVlIjNmelI4eD2YgaqC8Fo+Y06wV+WglWCWnUrYYTkWnmhEsGjDVf199t4c2n:klUNPS4y2Y558y+MVlWZnUUNWn5P7V4L

Entry address:

0x355D

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 10, A8, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 2C, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 14, 81, 40, 00, 53, FF, 15, 98, 82, 40, 00, 6A, 08, A3, F8, 08, 43, 00, E8, 72, 30, 00, 00, A3, 44, 08, 43, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 60, A0, 42, 00, FF, 15, 64, 81, 40, 00, 68, 00, A8, 40, 00, 68, 40, 00, 43, 00, E8, 6F, 2B, 00, 00, FF, 15, 20, 81, 40, 00, BD, 00, 60, 43, 00, 50, 55, E8, 5D, 2B... 
[+]

Entropy:

7.9754

Packer / compiler:

Nullsoft install system v2.x

Code size:

25.5 KB (26,112 bytes)

The file totalsystemcare-setup.exe has been discovered within the following program.

Total System Care by SafeBytes Software Inc.

www.totalsystemcare.com

About 6% of users remove it

The file totalsystemcare-setup.exe has been seen being distributed by the following URL.

http://download.totalsystemcare.com/TotalSystemCare-Setup.exe

Remove totalsystemcare-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.