turbocollage6windowssetup.exe

TurboCollage

SilkenMermaid Technologies Private Limited

The application turbocollage6windowssetup.exe, “TurboCollage Setup” by SilkenMermaid Technologies Private Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from turbocollage.en.softonic.com.

Publisher:
SilkenMermaid Technologies Private Limited (signed by SilkenMermaid Technologies Private Limited)

Product:
TurboCollage

Description:
TurboCollage Setup

MD5:
55d8747df26ce1b21e6dc531739570b8

SHA-1:
2e95a764bf2ac5b59fb7d03dffde96586bc34a2a

SHA-256:
81cee0d6c500161487b936fe5ef001174e038f554e835baaff318e6598af2bbb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/26/2024 1:27:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.20.18

File size:
4.8 MB (5,013,456 bytes)

Product version:
6.0.0.8

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\turbocollage6windowssetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/28/2016 1:00:00 AM

Valid to:
11/29/2020 12:59:59 AM

Subject:
CN=SilkenMermaid Technologies Private Limited, O=SilkenMermaid Technologies Private Limited, STREET="16C, Pocket A,DDA Flats,", STREET=Sukhdev Vihar, L=New Delhi, S=Delhi, PostalCode=110025, C=IN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2A6689AEE0FD2358EBB34B3661B9C6EF

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file turbocollage6windowssetup.exe has been seen being distributed from the following URL.

https://turbocollage.en.softonic.com/.../6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAO5GjYLt2FuXfL6tICKFThXytc260JfxvHi3fjIc9cmRW83EqkJN9xFFpRo32EuHk2M9uR98pDTZFoRK98hPprEwNbi2f7EosHSFuPV8KvJgsSebXq1tQD6SVJMR1iSTKSBM9SOboRDewuQTNEDrIw3yGjfakXSGvFTeAS6j35ikg==
