TAVfD.EXE

Tobit.ViProtect

Tobit Software

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Tobit AntiVirus for Desktops’.
Publisher:
Tobit.Software (signed by Tobit Software)

Product:
Tobit.ViProtect

Version:
10.00a (243)

MD5:
1e9231b568746f769cc3b4dd957f4a21

SHA-1:
606c907ad509ca1c3a3f422bf023fa1cc72c9b3e

SHA-256:
c64b5fff9c151360bd2dce01b0e3f39bf70dd77dec19b64dba8c47cd3ef8ffe0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 7:42:41 AM UTC

File size:
905.3 KB (926,984 bytes)

Product version:
10.00a (243)

Copyright:
Copyright © 2003, 2007 Tobit.Software

Original file name:
TAVfD.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\tobit.viprotect\tavfd.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/24/2007 2:00:00 AM

Valid to:
11/4/2010 12:59:59 AM

Subject:
CN=Tobit Software, OU=Core Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tobit Software, L=Ahaus, S=NRW, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09562204E955BE9D629ED32AD87EADE8

File PE Metadata
Compilation timestamp:
2/13/2008 9:05:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:DW6zoM4hong1uqogX1Sl9HZQXmokiIE68y:d0hR1pogFSl9HBiIEq

Entry address:
0x5501A

Entry point:
E8, B3, AB, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 

Code size:
444 KB (454,656 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Tobit AntiVirus for Desktops

Command:
"C:\Program Files\tobit.viprotect\tavfd.exe" -hide

