turbocleanpc@tid=3d9ce58f8e6d4e8ca4a0ee363ea975f2.exe

Turbo Clean PC

Rainmaker Software Group, LLC

The application turbocleanpc@tid=3d9ce58f8e6d4e8ca4a0ee363ea975f2.exe by Rainmaker Software Group has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been observed being downloaded from anynewsupdate.com and multiple other hosts.
Publisher:
Rainmaker Software Group LLC   (signed by Rainmaker Software Group, LLC)

Product:
Turbo Clean PC

Version:
4.1

MD5:
5c0352f1d7d7c1830d23390ac5280f44

SHA-1:
6eed397c78519364962281458e29dd24286808a6

SHA-256:
442cb2ad202cdf205448befd3a935e21b762ac3ff2b40776d1989ea833102c0a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:14:14 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Rainmaker.Installer.Meta (L)

Engine version:
16.6.13.20

File size:
1.5 MB (1,625,128 bytes)

Product version:
4.1

Copyright:
Rainmaker Software Group LLC

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\turbocleanpc@tid=3d9ce58f8e6d4e8ca4a0ee363ea975f2.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
7/27/2015 8:00:00 PM

Valid to:
7/27/2016 7:59:59 PM

Subject:
CN="Rainmaker Software Group, LLC", O="Rainmaker Software Group, LLC", L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1A8C64EAAEC0D059B1F73CD6A286B81D

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:qaPgphtehE4VGGbm3F1PQIDNtbZinXBgG:DPgphMhXVGj3vJQRgG

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
Entropy:
7.9915

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file turbocleanpc@tid=3d9ce58f8e6d4e8ca4a0ee363ea975f2.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 121 download URLs