tune_up.exe

ADVANCED TECH SUPPORTCO, LLC.

The application tune_up.exe by ADVANCED TECH SUPPORTCO has been detected as a potentially unwanted program by 18 anti-malware scanners. While running, it connects to the Internet address ip-184-168-221-39.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
ADVANCED TECH SUPPORTCO, LLC.  (signed and verified)

Description:
Tune Up

Version:
1.0.6.8

MD5:
fa719b54a0b9401ece60d49a4a7a9501

SHA-1:
92b373b831c3ecd5a4a614391f082b7f1e11c594

SHA-256:
856e698e24236be11225984c2a46daa2fc03d48f2abb65eceeea41c440a86048

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 7:50:37 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.63780
452

AhnLab V3 Security
Malware/Win32.Generic
2015.11.06

Avira AntiVirus
TR/Strictor.63780
8.3.2.2

Arcabit
Trojan.Strictor.DF924
1.0.0.590

Bitdefender
Gen:Variant.Strictor.63780
1.0.20.1565

Comodo Security
UnclassifiedMalware
23536

Dr.Web
Trojan.DownLoader16.11251
9.0.1.0313

Emsisoft Anti-Malware
Gen:Variant.Strictor.63780
8.15.11.09.07

F-Secure
Gen:Variant.Strictor.63780
11.2015-09-11_2

G Data
Gen:Variant.Strictor.63780
15.11.25

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.9.5.0

McAfee
Artemis!FA719B54A0B9
5600.6586

MicroWorld eScan
Gen:Variant.Strictor.63780
16.0.0.939

Reason Heuristics
PUP.Optional.ADVANCEDTECHSUPPORTCO.Installer
15.11.9.19

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.151107

Trend Micro
TROJ_GEN.R08NC0OF315
10.465.09

Vba32 AntiVirus
Trojan.Llac
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45024

File size:
2.8 MB (2,921,088 bytes)

Copyright:
AdvancedTechSupport

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Digital Signature
Authority:
DigiCert Inc

Valid from:
8/25/2014 8:00:00 PM

Valid to:
9/2/2015 8:00:00 AM

Subject:
CN="ADVANCED TECH SUPPORTCO, LLC.", O="ADVANCED TECH SUPPORTCO, LLC.", L=Boca Raton, S=Florida, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E7382AA7195B1571687CB11B82F3CA7

File PE Metadata
Compilation timestamp:
8/26/2014 1:17:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:yo9mYsfJhbDNWan9o5OpcVJoZZSjQlO9hcz1EP8Naa8RPaLIujIo5OZOyussh3nd:yLzfJjNf8njQlehGwlTtg5jood

Entry address:
0x29AB7

Entry point:
E8, 77, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 21, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, C3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 21, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03...
 
[+]

Entropy:
7.7680  (probably packed)

Code size:
566.5 KB (580,096 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-184-168-221-39.ip.secureserver.net  (184.168.221.39:80)

Remove tune_up.exe - Powered by Reason Core Security