» tsassist.exe
Overview
Analysis
File Details
Behaviors (1)

tsassist.exe

The File Type Assistant

Trusted Software ApS

The application tsassist.exe, “Find software to open your files” by Trusted Software ApS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named ProgramUpdateCheck triggered to execute each time a user logs in.

File name:

tsassist.exe

Publisher:

Trusted Software ApS (signed and verified)

Product:

The File Type Assistant

Description:

Find software to open your files

Version:

2014.3.25.0

MD5:

28f859ee69c732dbecf538985a87f17e

SHA-1:

14b83063319dad18dd18fe43460c9ffddc953a2c

SHA-256:

40cfb07ea76c32e97be6ed83ee831ce35a26189dd2f4d49cab0aaf0359d8ea6c

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/15/2024 9:54:04 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.TrustedS (M)

16.7.3.17

File size:

2.8 MB (2,912,703 bytes)

Product version:

2014.3.25.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\file type assistant\tsassist.exe

Digital Signature

Signed by:

Trusted Software ApS

Authority:

Thawte, Inc.

Valid from:

3/24/2014 5:00:00 PM

Valid to:

3/24/2016 4:59:59 PM

Subject:

CN=Trusted Software ApS, O=Trusted Software ApS, L=Holbæk, S=DK, C=DK

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

12FE568131862C85A5B239B2F3CFF137

File PE Metadata

Compilation timestamp:

3/25/2014 2:28:09 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

49152:mEcAUmTcfP2CkijQ9+YFSCwHOEuX3m58l4ONTxTjS6KXwRz:mEAmijQ9Ofu3m58lRS67Rz

Entry address:

0x1848

Entry point:

E9, 6E, ED, 19, 00, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, A0, 60, 00, A1, 9F, A0, 60, 00, C1, E0, 02, A3, A3, A0, 60, 00, 52, 6A, 00, E8, 37, 72, 20, 00, 8B, D0, E8, F6, 69, 1F, 00, 5A, E8, 18, 69, 1F, 00, E8, 43, 6B, 1F, 00, 6A, 00, E8, 7C, 86, 1F, 00, 59, 68, 48, A0, 60, 00, 6A, 00, E8, 11, 72, 20, 00, A3, A7, A0, 60, 00, 6A, 00, E9, 47, 2E, 20, 00, E9, AE, 86, 1F, 00, 33, C0, A0, 91, A0, 60, 00, C3, A1, A7, A0, 60, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, EC, 00, 00, 00, 0B, C9... 
[+]

Entropy:

6.7468

Packer / compiler:

Xtreme-Protector v1.05

Code size:

2 MB (2,134,016 bytes)

Scheduled Task

Task name:

ProgramUpdateCheck

Trigger:

Logon (Runs on logon)

Remove tsassist.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.