home

toolboxinstall2011.exe

TurnTool ApS

This is a setup program which is used to install the application. The file has been seen being downloaded from tt11.turntool.com.
Publisher:
TurnTool ApS  (signed and verified)

MD5:
0657b12d6c271d9cbf55af4a3d844f9a

SHA-1:
1a528ba65000b490587291d97b4e7f4b9cebd253

SHA-256:
c1467b3777772965c3e9a6b53e4c78972b6e5e8a871dab22d8de4b67d09f433b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/4/2024 10:48:29 AM UTC  (today)

File size:
3.2 MB (3,396,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\toolboxinstall2011.exe

Digital Signature
Signed by:
TurnTool ApS

Authority:
Thawte, Inc.

Valid from:
5/17/2011 8:00:00 PM

Valid to:
5/20/2012 7:59:59 PM

Subject:
CN=TurnTool ApS, OU=SECURE APPLICATION DEVELOPMENT, O=TurnTool ApS, L=Aarhus, S=Aarhus, C=DK

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09CC96ACD661CDD7FEE52C720C74855C

File PE Metadata
Compilation timestamp:
7/20/2011 3:54:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:mD5+NpMU1NMxFuwEWUZ9+lqL58894Y/JdeNI2+hvC4y5gAGhIwtLVxuWr3DY:mDKyu7JSlqZ7Pmjm9hIwlj0

Entry address:
0x51C7F0

Entry point:
60, BE, 00, 20, 5E, 00, 8D, BE, 00, F0, E1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.7699

Packer / compiler:
UPX 2.90LZMA

Code size:
3.2 MB (3,387,392 bytes)

The file toolboxinstall2011.exe has been seen being distributed by the following URL.

http://tt11.turntool.com/ToolboxInstall2011.exe

Scan toolboxinstall2011.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.