» Au_.exe
Overview
Analysis
File Details
Programs (1)

Au_.exe

MyTurboPC

MyTurboPC.com LLC

(Note, the name of the file is not always 'AU_.exe'; the NullSoft NSIS uninstaller changes the original name while copying it to the temporary directory.) The application Au_.exe by MyTurboPC.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program MyTurboPC by MyTurboPC.com which is a potentially unwanted software program.

File name:

Au_.exe

Publisher:

MyTurboPC.com (signed by MyTurboPC.com LLC)

Product:

MyTurboPC

Version:

3.1.4.0

MD5:

dc2b9fdfc1e3bd2fdb252ea12542db2c

SHA-1:

0e1869e36162dea52aefaacf7f8db723176aa47f

SHA-256:

5edcc9334ec964a68c3d2b33904bd212b3871c0d7723dd9732f4ee0275744da1

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 5:06:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.MyTurboPC.D

14.2.17.6

File size:

182.9 KB (187,248 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\au_.exe

Digital Signature

Signed by:

MyTurboPC.com LLC

Authority:

GoDaddy.com, Inc.

Valid from:

8/3/2012 6:19:00 PM

Valid to:

8/2/2013 7:14:40 PM

Subject:

CN=MyTurboPC.com LLC, O=MyTurboPC.com LLC, L=Elkhart, S=IN, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

4EA384D4D88CF7

File PE Metadata

Compilation timestamp:

2/24/2012 7:20:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:q5BuYAVrgUCPnRPF3PtU62RBlxn8TdwXjFa2dPWS4oT:q50gUCZF3VU6QxcwXBa2dh/

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

5.3740

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

The file Au_.exe has been discovered within the following program.

MyTurboPC by MyTurboPC.com

Publisher's description - “MyTurboPC is a comprehensive diagnostic program that increases the speed, performance and security of your Windows based personal computer. It cleans your registry, defrag your PC or manage startup items to increase overall speed and performance.”

www.MyTurboPC.com

64% remove it

Remove Au_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.