» tune_up.exe
Overview
Analysis
File Details
Network (1)

tune_up.exe

ADVANCED TECH SUPPORTCO, LLC.

The application tune_up.exe by ADVANCED TECH SUPPORTCO has been detected as a potentially unwanted program by 18 anti-malware scanners. While running, it connects to the Internet address ip-184-168-221-39.ip.secureserver.net on port 80 using the HTTP protocol.

File name:

tune_up.exe

Publisher:

ADVANCED TECH SUPPORTCO, LLC. (signed and verified)

Description:

Tune Up

Version:

1.0.6.8

MD5:

fa719b54a0b9401ece60d49a4a7a9501

SHA-1:

92b373b831c3ecd5a4a614391f082b7f1e11c594

SHA-256:

856e698e24236be11225984c2a46daa2fc03d48f2abb65eceeea41c440a86048

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

11/26/2024 11:50:02 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.63780

452

AhnLab V3 Security

Malware/Win32.Generic

2015.11.06

Avira AntiVirus

TR/Strictor.63780

8.3.2.2

Arcabit

Trojan.Strictor.DF924

1.0.0.590

Bitdefender

Gen:Variant.Strictor.63780

1.0.20.1565

Comodo Security

UnclassifiedMalware

23536

Dr.Web

Trojan.DownLoader16.11251

9.0.1.0313

Emsisoft Anti-Malware

Gen:Variant.Strictor.63780

8.15.11.09.07

F-Secure

Gen:Variant.Strictor.63780

11.2015-09-11_2

G Data

Gen:Variant.Strictor.63780

15.11.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.9.5.0

McAfee

Artemis!FA719B54A0B9

5600.6586

MicroWorld eScan

Gen:Variant.Strictor.63780

16.0.0.939

Reason Heuristics

PUP.Optional.ADVANCEDTECHSUPPORTCO.Installer

15.11.9.19

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.151107

Trend Micro

TROJ_GEN.R08NC0OF315

10.465.09

Vba32 AntiVirus

Trojan.Llac

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

45024

File size:

2.8 MB (2,921,088 bytes)

AdvancedTechSupport

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Digital Signature

Signed by:

ADVANCED TECH SUPPORTCO, LLC.

Authority:

DigiCert Inc

Valid from:

8/25/2014 8:00:00 PM

Valid to:

9/2/2015 8:00:00 AM

Subject:

CN="ADVANCED TECH SUPPORTCO, LLC.", O="ADVANCED TECH SUPPORTCO, LLC.", L=Boca Raton, S=Florida, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0E7382AA7195B1571687CB11B82F3CA7

File PE Metadata

Compilation timestamp:

8/26/2014 1:17:32 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:yo9mYsfJhbDNWan9o5OpcVJoZZSjQlO9hcz1EP8Naa8RPaLIujIo5OZOyussh3nd:yLzfJjNf8njQlehGwlTtg5jood

Entry address:

0x29AB7

Entry point:

E8, 77, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 21, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, C3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 21, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03... 
[+]

Entropy:

7.7680 (probably packed)

Code size:

566.5 KB (580,096 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ip-184-168-221-39.ip.secureserver.net (184.168.221.39:80)

Remove tune_up.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.