home

tbaction.exe

Tbaction

Alexander Neuber und Matthias Neuber

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TBAction’.
Publisher:
Windows Software  (signed by Alexander Neuber und Matthias Neuber)

Product:
Tbaction

Description:
media service

Version:
1, 0, 0, 1

MD5:
b5fb8aaf52b39d88e0424608d29c1a8f

SHA-1:
0dcba7f6af1ecd7d6c0f5a46182c2afced89a599

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/23/2024 4:02:21 PM UTC  (today)

Scan engine
Detection
Engine version

Fortinet FortiGate
Spy/Multidr
1/18/2014

File size:
102.7 KB (105,200 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2000

Original file name:
tbaction.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\visual timeanalyzer\tbaction.exe

Digital Signature
Signed by:
Alexander Neuber und Matthias Neuber

Authority:
VeriSign, Inc.

Valid from:
3/18/2004 1:00:00 AM

Valid to:
4/16/2005 1:59:59 AM

Subject:
CN=Alexander Neuber und Matthias Neuber, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Alexander Neuber und Matthias Neuber, L=Halle, S=Sachsen-Anhalt, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2001 CA, OU=Terms of use at https://www.verisign.com/rpa (c)01, OU=VeriSign Trust Network, O="VeriSign, Inc."

Serial number:
17D849C75A754D3B488B1DE9C51E2B74

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:8WgUm40CC2bVg9UeUCby2TH/khVejx8NRFzP:8jZnT6eUCbnwnl

Entry address:
0x12D84

Entry point:
55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, B8, E4, 2C, 41, 00, E8, 4F, 22, FF, FF, 33, C0, 55, 68, 70, 30, 41, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, BE, 73, FF, FF, 6A, 00, 8D, 45, EC, 50, B9, 84, 30, 41, 00, BA, 9C, 30, 41, 00, B8, 02, 00, 00, 80, E8, D8, 96, FF, FF, 8B, 55, EC, B8, FC, 5D, 41, 00, E8, A3, 0F, FF, FF, 83, 3D, FC, 5D, 41, 00, 00, 75, 27, 8D, 55, E4, 33, C0, E8, DC, F9, FE, FF, 8B, 45, E4, 8D, 55, E8, E8, 8D, 3B, FF, FF, 8B, 55, E8, B8, FC, 5D, 41, 00, E8, 78, 0F, FF, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
72.5 KB (74,240 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TBAction

Command:
C:\Program Files\visual timeanalyzer\tbaction.exe


Scan tbaction.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.