The page you navigated to does not exist

Oops, I am here again, your clumsy friend Win32.Helpware.VT... I swear I didn't eat your page!

Analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.

Upload and scan file

By using VirusTotal you consent to our Terms of Service and Privacy Policy and allow us to share your submission with the security community. Learn more.

29 / 66

29 engines detected this file

SHA-256	7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef
File name	setup.exe
File size	3.3 MB
Last analysis	2017-10-21 01:42:28 UTC
Community score	-2

Detection Details Behavior Community

Ad-Aware

Application.TuneUp.A

Antiy-AVL

RiskWare[RiskTool]/Win32.Tuneup.b

Arcabit

PUP.Adware.TuneUp

Avira

PUA/Systweak.Gen4

BitDefender

Application.TuneUp.A

Bkav

W32.HfsAdware.BBF9

CAT-QuickHeal

RiskTool.Tuneup

DrWeb

Program.Unwanted.876

eGambit

malicious_confidence_99%

Emsisoft

Application.OptInstall (A)

Endgame

malicious (moderate confidence)

eScan

Application.TuneUp.A

ESET-NOD32

a variant of Win32/Systweak.V potentially unwanted

F-Secure

Application.TuneUp.A

GData

Win32.Application.Systweak.D

K7AntiVirus

Unwanted-Program ( 004b0b411 )

K7GW

Unwanted-Program ( 004b0b411 )

Kaspersky

not-a-virus:RiskTool.Win32.Tuneup.b

MAX

malware (ai score=76)

Palo Alto Networks

generic.ml

Panda

PUP/Systweak

Qihoo-360

Win32/Virus.fe8

Rising

Malware.Heuristic!ET#89% (RDM+:cmRtazrkmwW4kMuoyOpsdfK/6d6y)

Sophos AV

Generic PUA LG (PUA)

SUPERAntiSpyware

PUP.TuneupPro/Variant

Symantec

ML.Attribute.HighConfidence

TrendMicro

ADW_UPTUNE

TrendMicro-HouseCall

ADW_UPTUNE

ZoneAlarm

not-a-virus:RiskTool.Win32.Tuneup.b

AegisLab

Clean

AhnLab-V3

Clean

ALYac

Clean

Avast

Clean

Avast Mobile Security

Clean

AVG

Clean

AVware

Clean

Baidu

Clean

ClamAV

Clean

CMC

Clean

Comodo

Clean

CrowdStrike Falcon

Clean

Cylance

Clean

Cyren

Clean

F-Prot

Clean

Fortinet

Clean

Ikarus

Clean

Jiangmin

Clean

Kingsoft

Clean

Malwarebytes

Clean

McAfee

Clean

McAfee-GW-Edition

Clean

Microsoft

Clean

NANO-Antivirus

Clean

nProtect

Clean

SentinelOne

Clean

Sophos ML

Clean

Tencent

Clean

TheHacker

Clean

TotalDefense

Clean

VBA32

Clean

VIPRE

Clean

ViRobot

Clean

WhiteArmor

Clean

Yandex

Clean

Zillya

Clean

Zoner

Clean

Alibaba

Unable to process file type

Symantec Mobile Insight

Unable to process file type

Trustlook

Unable to process file type

MD5

9e217840127b40379899ea72fb6584c9

SHA-1

b61b57dac496cdf0efb9a1f9fd66c986fdccd0a0

Authentihash

4089fa61ca06a52a2e298c94ced9217b781a68af1479898cb5edb40f04dc07fa

Imphash

483f0c4259a9148c34961abbda6146c1

File Type

Win32 EXE

Magic

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

SSDeep

98304:owB/ZoacJ7zTK3nExL0DG57SwpBj2Lkgs:oXlj0ExL0CUw6Lls

TRiD

Inno Setup installer (81.5%) Win32 Executable Delphi generic (10.5%) Win32 Executable (generic) (3.3%) Win16/32 Executable Delphi generic (1.5%) Generic Win/DOS Executable (1.4%)

File Size

3.3 MB

peexesignedoverlay

Creation Time

2012-07-09 13:41:29

First Seen In The Wild

2010-11-20 23:29:33

First Submission

2014-11-22 05:11:28

Last Submission

2016-06-27 10:34:40

Last Analysis

2017-10-21 01:42:28

Signature Date

2014-11-21 14:15:00

setup.exe
setup(16).exe
HTTP-F6zjeN2nBYsiPjUm2b.exe
9e217840127b40379899ea72fb6584c9
8d6490511a87d81cfc19662db81220843ded047b

F-PROT

INNO

Signature Verification

Signed file, valid signature

File Version Information

Product

Tuneup Pro

Description

Tuneup Pro

File Version

Tuneup Pro

Comments

This installation was built with Inno Setup.

Date signed

2:15 PM 11/21/2014

Signers

TUNEUP PRO SOFTWARE SERVICES LLP
VeriSign Class 3 Code Signing 2010 CA
VeriSign

Counter Signers

Symantec Time Stamping Services Signer - G4
Symantec Time Stamping Services CA - G2
Thawte Timestamping CA

Header

Target Machine

Intel 386 or later processors and compatible processors

Compilation Timestamp

2012-07-09 13:41:29

Entry Point

91256

Contained Sections

Sections

Name

Virtual Address

Virtual Size

Raw Size

Entropy

MD5

.text

4096

82936

82944

6.48

c9bb3afc1ceaaa31127ccfa204c657ef

.itext

90112

3048

3072

6.01

1ba5adf2e1058c0460dcc814ba86fb32

.data

94208

3484

3584

2.67

d5b22eff9e08edaa95f493c1a71158c0

.bss

98304

22348

d41d8cd98f00b204e9800998ecf8427e

.idata

122880

3998

4096

4.97

b47eaca4c149ee829de76a342b5560d5

.tls

126976

d41d8cd98f00b204e9800998ecf8427e

.rdata

131072

512

0.19

3746f5876803f8f30db5bb2deb8772ae

.rsrc

135168

75356

75776

3.97

363182e9809dd635a215d347d7d9f4bf

Imports

advapi32.dll
comctl32.dll
kernel32.dll
oleaut32.dll
user32.dll

Contained Resources By Type

RT STRING

RT ICON

RT RCDATA

RT VERSION

RT MANIFEST

Contained Resources By Language

NEUTRAL

ENGLISH US

Contained Resources

SHA-256

File Type

Type

Language

951a4bfca8cc3ee2241a7bfdf8ca67394486c0b89eb674f6d9eda9c2bd84aa8f

data

RT_ICON

ENGLISH US

9002d4858a481f433c7000d78a52172831d0e334029f532961d2689b0d5c9269

data

RT_ICON

ENGLISH US

a1487f2bc0e9869e0ff260e14bd88c6838a3cb55a283ebf074bd61dd85e4fcad

data

RT_ICON

ENGLISH US

152de348be94068983d78f8100c7ff73cbbbff4eafe841ea32df604fde68a190

data

RT_ICON

ENGLISH US

1c44d63009ecb0d7aca5060635aaa7f06519fb75717ac2e848ae7e1394859eeb

data

RT_ICON

ENGLISH US

CharacterSet

Unicode

CodeSize

86016

Comments

This installation was built with Inno Setup.

CompanyName

tuneuppro.com

EntryPoint

0x16478

FileDescription

Tuneup Pro

FileFlagsMask

0x003f

FileOS

Win32

FileSubtype

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

Tuneup Pro

FileVersionNumber

1.8.0.0

ImageVersion

6.0

InitializedDataSize

83968

LanguageCode

Neutral

LegalCopyright

tuneuppro.com

LinkerVersion

2.25

MIMEType

application/octet-stream

MachineType

Intel 386 or later, and compatibles

OSVersion

5.0

ObjectFileType

Executable application

PEType

PE32

ProductName

Tuneup Pro

ProductVersion

1.08

ProductVersionNumber

1.8.0.0

Subsystem

Windows GUI

SubsystemVersion

5.0

TimeStamp

2012:07:09 14:41:29+01:00

UninitializedDataSize

Files opened

C:\WINDOWS\system32\netmsg.dll
C:\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-RQPKQ.tmp\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef.tmp
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-76CAT.tmp\_isetup\_shfoldr.dll
C:\WINDOWS\system32\shfolder.dll
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-76CAT.tmp\_isetup\_iscrypt.dll
C:\WINDOWS\system32\shell32.dll
\\.\PIPE\lsarpc
\\.\MountPointManager
C:\WINDOWS\Registration\R000000000007.clb

Files read

C:\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\Registration\R000000000007.clb

Files written

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-RQPKQ.tmp\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef.tmp
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-76CAT.tmp\_isetup\_shfoldr.dll
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-76CAT.tmp\_isetup\_iscrypt.dll

Files deleted

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-RQPKQ.tmp\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef.tmp
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-RQPKQ.tmp\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef.tmp
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-76CAT.tmp\_isetup\_iscrypt.dll
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-76CAT.tmp\_isetup\_shfoldr.dll

Processes created

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\is-RQPKQ.tmp\7f2552c4497ee063dce742b8bbe42c2b9be8e4949b6c0d3539539f37917e92ef.tmp" /SL5="$0
C:\WINDOWS\system32\regsvr32.exe" /s "C:\WINDOWS\system32\jscript.dll""

Mutexes opened

TUPP_9C6B374B-5D30-4783-9333-C382146DD9FE
ShimCacheMutex

Runtime DLLs

shell32.dll
comctl32.dll
advapi32.dll
c:\windows\system32\imm32.dll
imm32.dll
uxtheme.dll
shfolder.dll
c:\docume~1\<USER>~1\locals~1\temp\is-76cat.tmp\_isetup\_iscrypt.dll
kernel32.dll
urlmon.dll

Safe 0

Unsafe2

You must be signed in to vote.

anonymous 2015-06-29 17:37:11 -1

anonymous 2015-05-23 09:06:08 -1

No comments

You must be signed in to post a comment.

The page you navigated to does not exist

Oops, I know nothing about this item.

Basic Properties

Tags

History

File names

Packers

Signature Info

Signature Verification

File Version Information

Signers

Counter Signers

Portable Executable Info

Header

Sections

Imports

Exports

Contained Resources By Type

Contained Resources By Language

Contained Resources

Debug Artifacts

ExifTool File Metadata

Email Parents

Execution Parents

Compressed Parents

PE Resource Parents

Packet Capture (PCAP) Parents

Overlay Parents

Bundled Files

File system actions

Command-line output

Files opened

Files read

Files written

Hosts file modification

Files Copied

Files moved

Files replaced

Files downloaded

Files deleted

Registry actions

Registry keys set

Registry keys deleted

Database actions

Databases opened

Databases deleted

Process and service actions

Permissions checked

Processes created

Shell commands

Processes injected

Processes terminated

Windows searched

Service managers opened

Services opened

Services started

Services controlled

Services Stopped

Services deleted

Hooks registered

Activities Started

Activities Stopped

Packages Killed

Synchronization mechanisms

Mutexes created

Mutexes opened

Receivers Started

Receivers Stopped

Modules loaded

Runtime DLLs

Runtime Classes

Invoked methods

Network Communication

HTTP requests

DNS Resolutions

TCP Communication

UDP Communication

Socket connections

SMS messages sent

Votes