turbocleanpc@fbid=56b5226d07f0a4.39620331.exe

Turbo Clean PC

Rainmaker Software Group, LLC

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from anynewsupdate.com and multiple other hosts.
Publisher:
Rainmaker Software Group, LLC  (signed and verified)

Product:
Turbo Clean PC

Version:
4.1

MD5:
338b86d2a4c81fe7293fcb912375b7f8

SHA-1:
bb48dfe0cabcfbb372b98859a913d1d975be0f3b

SHA-256:
e779475dbe7de3fa067eeb6f02ae3ac6186fad625db11786109878bcb76d02ba

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 12:37:16 AM UTC  (today)

File size:
1.6 MB (1,626,520 bytes)

Product version:
4.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\turbocleanpc@fbid=56b5226d07f0a4.39620331.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
7/27/2015 6:00:00 PM

Valid to:
7/27/2016 5:59:59 PM

Subject:
CN="Rainmaker Software Group, LLC", O="Rainmaker Software Group, LLC", L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1A8C64EAAEC0D059B1F73CD6A286B81D

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:nnacTBHXlHFFQCyoUaHOOLNd/vSrBBQGe+/7tHAQForVW6sTrbxj6CkS3rJQBtU3:nakH1HFHyoUAv/gcvizmsnlj66inXBgn

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
[+]

Entropy:
7.9917

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file turbocleanpc@fbid=56b5226d07f0a4.39620331.exe has been seen being distributed by the following 50 URLs.

https://anynewsupdate.com/tech99-dl?56c079513ebef1.48965299&rwp_fbid99=56c079513ebef1.48965299&rwp_al=cmp99&rwp_lpid=lp-tech99

https://anynewsupdate.com/tech99-dl?56c0d8df621ad4.86941677&rwp_fbid99=56c0d8df621ad4.86941677&rwp_al=cmp99&rwp_lpid=lp-tech99

https://anynewsupdate.com/tech99-dl?56c21c15961762.84706737&rwp_fbid99=56c21c15961762.84706737&rwp_al=cmp99&rwp_lpid=lp-tech99

https://anynewsupdate.com/tech1-dl?56b885db552c99.28397487&rwp_fbid=56b885db552c99.28397487&rwp_al=cmp9&rwp_lpid=tech11

https://anynewsupdate.com/tech104-dl?56bea177302009.54596097&rwp_fbid104=56bea177302009.54596097&rwp_al=cmp104&rwp_lpid=lp-tech104

https://anynewsupdate.com/tech99-dl?56bf1d5b859795.74085801&rwp_fbid99=56bf1d5b859795.74085801&rwp_al=cmp99&rwp_lpid=lp-tech99

https://anynewsupdate.com/tech-news-ca-dl?56bf607beeefb8.70090591&rwp_fbid=56bf607beeefb8.70090591&rwp_al=cmp94&rwp_lpid=lp-tech13

https://anynewsupdate.com/tech99-dl?56bfada40e6085.62559723&rwp_fbid99=56bfada40e6085.62559723&rwp_al=cmp99&rwp_lpid=lp-tech99

https://anynewsupdate.com/tech1-dl?56b62a04d1eda6.48449741&rwp_fbid=56b62a04d1eda6.48449741&rwp_al=cmp9&rwp_lpid=tech11

https://anynewsupdate.com/tech104-dl?56b722ceb424f1.10693992&rwp_fbid104=56b722ceb424f1.10693992&rwp_al=cmp104&rwp_lpid=lp-tech104

https://anynewsupdate.com/pt-dl?56bc9035ec24b0.59905344&rwp_fbidpt=56bc9035ec24b0.59905344&rwp_al=cmppt&rwp_lpid=lp-pt-1

https://anynewsupdate.com/tech104-dl?56b6db29783e51.95664468&rwp_fbid104=56b6db29783e51.95664468&rwp_al=cmp104&rwp_lpid=lp-tech104

https://anynewsupdate.com/tech99-dl?56c00450cda5e5.02483048&rwp_fbid99=56c00450cda5e5.02483048&rwp_al=cmp99&rwp_lpid=lp-tech99

https://anynewsupdate.com/tech104-dl?56b7ea064a2110.45476226&rwp_fbid104=56b7ea064a2110.45476226&rwp_al=cmp104&rwp_lpid=lp-tech104

https://anynewsupdate.com/tech1-dl?56bb6815675785.25529614&rwp_fbid=56bb6815675785.25529614&rwp_al=cmp9&rwp_lpid=tech11

Latest 30 of 60 download URLs

Scan turbocleanpc@fbid=56b5226d07f0a4.39620331.exe - Powered by Reason Core Security