tsassist.exe

The File Type Assistant

Trusted Software ApS

The application tsassist.exe, “Find software to open your files” by Trusted Software ApS has been detected as adware by 4 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named ProgramUpdateCheck triggered to execute each time a user logs in. This file is typically installed with the program File Type Assistant by Trusted Software which is a potentially unwanted software program. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Trusted Software ApS  (signed and verified)

Product:
The File Type Assistant

Description:
Find software to open your files

Version:
2013.4.8.0

MD5:
88b6d362e111d87cbca6ca94e152b7c6

SHA-1:
cdfc725b11eef83c9e35834231f4a70d1d5cb556

SHA-256:
5932f3f7daaeba8ae4fd3950c163158ecfa9e0a46b8947df76a184a6f6b158b7

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 5:39:51 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.87.58

Boost by Reason
Optional.Task.TrustedSoftware.I
188838

ESET NOD32
Win32/FileTypeAssistant (variant)
8.9587

Reason Heuristics
PUP.TrustedSoftware
15.4.21.13

File size:
2.6 MB (2,749,632 bytes)

Product version:
2013.4.8.0

Copyright:
(C) 2010-2013 Trusted Software ApS

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\file type assistant\tsassist.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
11/11/2010 4:00:00 PM

Valid to:
11/11/2013 3:59:59 PM

Subject:
CN=Trusted Software ApS, O=Trusted Software ApS, STREET=Blomsterhaven 42, L=Holbaek, S=n/a, PostalCode=4300, C=DK

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
1DA7007608C324C640CE3FBCC9418735

File PE Metadata
Compilation timestamp:
4/8/2013 4:09:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:aSHwXzKyKKDamHSQuozEPdnjMndRhmDnTyTJSNV6fkN:aSHwX+FKDakEPdjUvNSNV6MN

Entry address:
0x1878

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 00, 60, 00, A1, 9F, 00, 60, 00, C1, E0, 02, A3, A3, 00, 60, 00, 52, 6A, 00, E8, BB, D3, 1F, 00, 8B, D0, E8, 4E, CC, 1E, 00, 5A, E8, 70, CB, 1E, 00, E8, 9B, CD, 1E, 00, 6A, 00, E8, C8, E8, 1E, 00, 59, 68, 48, 00, 60, 00, 6A, 00, E8, 95, D3, 1F, 00, A3, A7, 00, 60, 00, 6A, 00, E9, 93, 90, 1F, 00, E9, FA, E8, 1E, 00, 33, C0, A0, 91, 00, 60, 00, C3, A1, A7, 00, 60, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, EC, 00, 00, 00, 0B, C9...
 
[+]

Entropy:
6.6490

Code size:
2 MB (2,093,056 bytes)

2 Scheduled Tasks
Task name:
ProgramUpdateCheck

Trigger:
Logon (Runs on logon)

Task name:
ProgramUpdateCheck

Trigger:
Logon (Runs on logon)

Action:
tsassist.exe \chkupd


The file tsassist.exe has been discovered within the following programs.

File Type Assistant  by Trusted Software
File Type Assistant is typically bundled by various 3rd party software through modified installers of generally free open source software using the InstallIQ downloader.
www.trustedsoftware.com/utility-software/free-file-viewer.html
74% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-55-149-163.deploy.static.akamaitechnologies.com  (23.55.149.163:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-205-120-146.deploy.static.akamaitechnologies.com  (23.205.120.146:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.234.111:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to host-66-96-225-201.myrepublic.co.id  (66.96.225.201:80)

TCP (HTTP):
Connects to host43-rangeA-akamai-aanp.cdn.enbrs.isp.sky.com  (94.15.95.43:80)

TCP (HTTP):
Connects to host-213.158.175.75.tedata.net  (213.158.175.75:80)

TCP (HTTP):
Connects to etg-01-035.etg.ras.cantv.net  (200.44.26.35:80)

TCP (HTTP):
Connects to a88-221-89-128.deploy.akamaitechnologies.com  (88.221.89.128:80)

Remove tsassist.exe - Powered by Reason Core Security