» TranslateGeniusSetup.exe
Overview
Analysis
File Details
Downloads (1)

TranslateGeniusSetup.exe

Translate Genius

TGF Interactive LLC

The application TranslateGeniusSetup.exe by TGF Interactive has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr2.com.

File name:

Publisher:

TGF Interactive LLC (signed and verified)

Product:

Translate Genius

Version:

2.0.1.2

MD5:

fb70b713bc64a79c3fa4411b43699680

SHA-1:

e55007328ba3ae85c448f00eace48ca292df46b5

SHA-256:

fd0d16627500c99d17c603de2b87a24a30d34d3f8dfd416f3ad0ebaf559186a6

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 12:14:50 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.TGFInteractive.U

14.3.2.16

VIPRE Antivirus

TGF Interactive LLC

25352

File size:

6.3 MB (6,612,832 bytes)

Product version:

2.0.1.2

Original file name:

TranslateGeniusSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\translategeniussetup.exe

Digital Signature

Signed by:

TGF Interactive LLC

Authority:

GoDaddy.com, Inc.

Valid from:

7/10/2013 2:23:56 PM

Valid to:

7/10/2014 2:23:56 PM

Subject:

CN=TGF Interactive LLC, O=TGF Interactive LLC, L=Newport Beach, S=California, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

042553FE94BDEF

File PE Metadata

Compilation timestamp:

11/29/2012 2:55:28 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:RZ+mciFxPzopsGhisnA7sO1Tx4J8OGRqpLmMEnY2lUpL9XiU1CSzCjNXRnDWb9lq:HdsCZ5TCSL7YnLXiwpzoRRSRlPBwAw

Entry address:

0xAE649

Entry point:

E8, 25, B9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, CF, 44, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, CB, EB, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, AB, 44, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A7, EB, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 7C, 44, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77... 
[+]

Entropy:

7.5407

Code size:

899 KB (920,576 bytes)

The file TranslateGeniusSetup.exe has been seen being distributed by the following URL.

http://cdn.airdlr2.com/downloads/offers/.../TranslateGeniusSetup.exe

Remove TranslateGeniusSetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.