home

TBear.Maintenance.exe

TBear.Maintenance

TunnelBear, Inc.

It runs as a separate (within the context of its own process) windows Service named “TunnelBear Maintenance”.
Publisher:
TunnelBear, Inc.  (signed and verified)

Product:
TBear.Maintenance

Version:
1.0.1.0

MD5:
a428f3f1ad0d9db9fe309f90887afc2f

SHA-1:
d4ebe0e0de004e61cd8e7c2eb9659c87332e9338

SHA-256:
a9f5e54583dc2e2e82ff65b218cd9d19c18d1d6786babbce0779f6940efe91d0

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 6:09:22 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Spy.Gen
7.11.30.172

Bkav FE
W32.HfsAdware
1.3.0.6379

F-Secure
Riskware.Application.Bundler.Firseria
11.2016-10-02_4

File size:
38.5 KB (39,424 bytes)

Product version:
1.0.1.0

Copyright:
Copyright © 2013

Original file name:
TBear.Maintenance.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\tunnelbear\tbear.maintenance.exe

Digital Signature
Signed by:
TunnelBear, Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
8/10/2015 9:27:38 PM

Valid to:
8/10/2018 9:27:38 PM

Subject:
CN="TunnelBear, Inc.", O="TunnelBear, Inc.", L=Toronto, S=Ontario, C=CA

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
594155358D1AD741

File PE Metadata
Compilation timestamp:
2/10/2016 1:24:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:kOQT9so3jzWgiq/upr3cMXDWKxD3DoZJ5HQiXaGVdGR:k1hsozbiqorMMXNzoZR4

Entry address:
0x932E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0013

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
29 KB (29,696 bytes)

Service
Display name:
TunnelBear Maintenance

Service name:
TunnelBearMaintenance

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (52.216.81.11:443)

Scan TBear.Maintenance.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.