» tcm801x64.exe
Overview
Analysis
File Details
Programs (1)
Downloads (56)

tcm801x64.exe

Ghisler Software GmbH

This is a setup and installation application. This file is installed with the program Total Commander (Remove or Repair). The file has been seen being downloaded from www.techspot.com and multiple other hosts.

File name:

tcm801x64.exe

Publisher:

Ghisler Software GmbH (signed and verified)

Description:

Total Commander Auto-Installer

Version:

8.0

MD5:

0b644ebe34259c653f7ca3c340af4da9

SHA-1:

7ae28d8c6272fce8f8167a96d0d6c35d1ed95215

SHA-256:

805374ff33c185bc2b5191a8c1b4c19fff4f774856dd1b9fff0189ff0bc9a989

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 5:24:10 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK/RDM!5.1

23.00.65.131219

File size:

4.1 MB (4,329,488 bytes)

Original file name:

sfxhead.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\tcm801x64.exe

Digital Signature

Signed by:

Ghisler Software GmbH

Authority:

VeriSign, Inc.

Valid from:

8/26/2011 2:00:00 AM

Valid to:

8/26/2012 1:59:59 AM

Subject:

CN=Ghisler Software GmbH, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ghisler Software GmbH, L=Bolligen, S=Bern, C=CH

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1CD8517B2373647496D551377199DEB5

File PE Metadata

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

2.44

CTPH (ssdeep):

98304:iGh9neV5u0bTgerFWZOeBihl759mORBYFs7H:iGqV5JZFXWihM67

Entry address:

0x12DF0

Entry point:

55, 48, 89, E5, 48, 83, EC, 40, C6, 05, 11, 08, 03, 00, 00, E8, 6C, FF, FF, FF, C9, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 55, 48, 89, E5, 48, 81, EC, B0, 00, 00, 00, 48, 89, 5D, A8, 48, 89, 75, B0, 48, 89, 4D, F8, C6, 45, F0, 00, 48, BE, 00, 00, 00, 00, 00, 00, 00, 00, 48, 8D, 5D, E0, E8, 02, E6, FE, FF, 89, C1, 48, 8B, 55, F8, 41, B9, 10, 00, 00, 00, 48, 89, 74, 24, 20, 49, 89, D8, E8, F9, E5, FE, FF, 85, C0, 74, 02, EB, 05, E9, F5, 00, 00, 00, C7, 45, B8, 00, 00, 00, 00, C6, 45, D8, 01, E9, CF, 00... 
[+]

Code size:

226 KB (231,424 bytes)

The file tcm801x64.exe has been discovered within the following program.

Total Commander (Remove or Repair) by Ghisler Software GmbH

Total Commander is an Orthodox File Manager (OFM) for Windows that features include a built-in FTP client, tabbed interface, file compare, archive file navigation, and a versatile multi-rename tool with regular expression support.

www.ghisler.com

8% remove it

The file tcm801x64.exe has been seen being distributed by the following 50 URLs.

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=5bbfba281f877b9257fb6f663d8a8ea4&file=2

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=1dfffb7bed89b05734ff3b1e78ee7ff0&file=2

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=5b521633f540fa7034d60fed3ae1a367&file=2

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=c7dc8a68a76678f90eb14d65dd06e972&file=2

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=3689ca23d78bf07c82ace83051b35029

http://storage.tahaj.sme.sk/Total.Commander.v8.01.x64.exe

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=d1c52ce2c5db64a996b1ca0055538d74

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=1532e27091ea2e91c6af40aaf8f6497f

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=0af5cf978077807afdd2c04c5e487ba5

http://download.instalki.pl/programy/Windows/Internet/.../tcm801x64_www.INSTALKI.pl.exe

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=7e16fae3971a0321580128e6a25bceee&file=2

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=698cc2965c0c7d9c0d204acdd2606e73

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=52b697dcf2f9a24f433e5d97825c3f0a

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=e0eafdb9b61e2ad242ec8712a9888a08

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=7ae9dcae6dca20fe521d26aae7a4cc70

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=039aa9e39568ef9c3348a712e0060542

http://storage.tahaj.sme.sk/.../Total.Commander.v8.01.x64.exe

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=820404655cfaaf6f680b985549fd2393

http://programki.net/download.php?id_p=33&id_url=5

http://123.qwas.o12.pl/tcm801x64.exe

http://fileforum.betanews.com/sendfile/945901171/3/.../tcm801x64.exe

http://selski.com/pro/index.php?q=uggc://.../gpz801k64.rkr?Rkcverf=1353821734&Fvtangher=FsS-TtIpqpu~ycDji0zT~RF0JsROitXnOkgvq7w6YkFGo1wdRthUaP4CFLyrvH1heiy2E~CpNGpiHaZsoAiuTKBO924aoIuNGktml9obCg6FwDeK74DyljM1CLst866z9-aL6EV1FMcdB5qUZeLnfRyZIAzdWUrnAO67Q4797tR_&Xrl-Cnve-Vq=NCXNWPAVWOIIWMMR336D

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=3a7232dfab18008755b5d38ed2be80eb

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=9b90797a5e9b0e8e6ab4126899e88bea

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=9e1cb897b347b0ae90f285376dcbab32

http://mirror1.bloodman.one.pl/.../get_remote.php?file=tcmd801x64.exe&kat=app&hash=a56ff0c7dfd3660d21b790f8e550d2ba

http://dl.filehorse.com/win/file-transfer-and-networking/.../Total-Commander-8.01-(64-bit).exe

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=75dc656166d0aa797fb0fdde1f367237&file=2

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=b97ac26a6d56d095e5044b4b2eb274c9&file=2

http://www.techspot.com/downloads.php?action=download_now&id=301&evp=e050c3aeb4a020af9b59fecc2db6e224&file=2

Latest 30 of 56 download URLs

Scan tcm801x64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.