TranslateGeniusSetup.exe

Translate Genius

TGF Interactive LLC

The application TranslateGeniusSetup.exe by TGF Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application that has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from vzbucket.appscion.com, a known adware distribution point operated by SIEN S.A.
Publisher:
TGF Interactive LLC (signed and verified)

Product:
Translate Genius

Version:
2.0.1.1

MD5:
8e90e12f17b74e678ae2df03325a8675

SHA-1:
6c6cffa371949dd6baa4b1a548128e06a0fa41ac

SHA-256:
90b679dd0c3abf54cc04edaf9a540c22e9ac29d81d1044a7e32bc8e39c0a5579

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
None of the third-party anti-malware engines in our current pool has detected this file; the single detection listed below comes from our own detection heuristics, on the basis of which we consider this file unwanted.

Analysis date:
4/25/2024 1:15:51 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TGFInteractive.Installer (M)

Engine version:
16.2.2.20

File size:
6.3 MB (6,611,280 bytes)

Product version:
2.0.1.1

Copyright:
Copyright (C) TGF Interactive LLC

Original file name:
TranslateGeniusSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\translategeniussetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/10/2013 12:23:56 PM

Valid to:
7/10/2014 12:23:56 PM

Note:
The signing certificate's one-year validity window ended on 7/10/2014, long before the analysis date. A "signed and verified" result means only that the Authenticode signature and certificate chain validated; it says nothing about whether the publisher is trustworthy or the bundled content benign.

Subject:
CN=TGF Interactive LLC, O=TGF Interactive LLC, L=Newport Beach, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
042553FE94BDEF

File PE Metadata
Compilation timestamp:
11/29/2012 12:55:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:uZ+mciFxPzopsGI7sxA7sO1Tx4J8OGzKekyO41n/i6xXKl1cJMxl0ja5DDoyPrQC:idsO/5TCSQuna6kDcWxl00DDhrzqbu

Entry address:
0xAE649

Entry point:
E8, 25, B9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, CF, 44, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, CB, EB, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, AB, 44, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A7, EB, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 7C, 44, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...

Entropy:
7.5410

Code size:
899 KB (920,576 bytes)
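As an added example (not code from the report's scanner, from Reason Core Security or from TGF Interactive), the following stdlib-only Python reproduces the "File PE Metadata" fields above from a PE32 image: compilation timestamp, linker and OS version, subsystem, entry address and entry-point bytes, code size and overall Shannon entropy, plus two simple triage heuristics of the kind such fields feed. The image it parses is constructed inline; only the 16-byte entry-point prologue and the compile timestamp are copied from this report, and everything else (section layout, sizes, the 7.0-bits entropy and 25% code-ratio thresholds) is an assumption made for the example.

```python
"""Stdlib-only PE32 header triage: reproduces the 'File PE Metadata' fields of a
file report (compile timestamp, OS/linker version, subsystem, entry address and
entry-point bytes, code size, entropy).  The image parsed below is constructed
for this example; it is NOT TranslateGeniusSetup.exe."""
import calendar
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# PE32 optional header up to and including DllCharacteristics (72 bytes) and the
# 40-byte section header, field order per the PE/COFF specification.
OPT_HDR_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"
SECTION_FMT = "<8sIIIIIIHHI"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for s in sections:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return rva - s["virtual_address"] + s["raw_ptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Parse the headers of a PE32 image and return report-style metadata."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < struct.calcsize(OPT_HDR_FMT):
        raise ValueError("optional header too short")
    f = struct.unpack_from(OPT_HDR_FMT, data, opt)
    if f[0] != 0x10B:  # 0x20B would be PE32+ (64-bit), whose layout differs
        raise ValueError(f"not a PE32 image (magic {f[0]:#x})")
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)[:5]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": rawsize, "raw_ptr": rawptr})
    entry_rva = f[6]                       # AddressOfEntryPoint (an RVA, not a file offset)
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{f[1]}.{f[2]}",
        "os_version": f"{f[12]}.{f[13]}",
        "subsystem": SUBSYSTEMS.get(f[22], f"unknown ({f[22]})"),
        "code_size": f[3],
        "entry_address": entry_rva,
        "entry_point": ", ".join(f"{b:02X}" for b in data[entry_off:entry_off + entry_bytes]),
        "entropy": round(shannon_entropy(data), 4),
        "sections": [s["name"] for s in sections],
    }


def triage_notes(info: dict, file_size: int) -> list:
    """Two simple heuristics; the thresholds are assumptions made for this example."""
    notes = []
    if info["entropy"] > 7.0:
        notes.append("high overall entropy: compressed or packed payload likely")
    if file_size and info["code_size"] / file_size < 0.25:
        notes.append("code is a small fraction of the file: large embedded data, typical of an installer")
    return notes


def build_sample_pe() -> bytes:
    """Construct a minimal PE32 image (DOS stub, PE/COFF + optional header, one .text section).
    The entry-point prologue and compile timestamp come from the report; the rest is made up."""
    ts = calendar.timegm((2012, 11, 29, 0, 55, 28))                # 11/29/2012 12:55:28 AM UTC
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section, EXE|32BIT
    opt = struct.pack(OPT_HDR_FMT, 0x10B, 9, 0, 0x200, 0, 0, 0x1010, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200, 5, 0, 0, 0, 5, 0, 0, 0x2000, 0x200, 0, 2, 0)
    opt = opt.ljust(224, b"\0")                                      # data directories left empty
    sect = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    prologue = bytes.fromhex("E825B90000E979FEFFFF8BFF558BEC51")      # first 16 bytes from the report
    text = (bytes(0x10) + prologue).ljust(0x200, b"\0")              # entry RVA 0x1010 -> file offset 0x210
    return headers + text


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    for key, value in info.items():
        print(f"{key}: {value}")
    print("notes (sample):", triage_notes(info, len(sample)) or "none")
    print("notes (report's numbers):", triage_notes({"entropy": 7.5410, "code_size": 920_576}, 6_611_280))
```

Run it against a real file by passing `open(path, "rb").read()` to `parse_pe`; the report's own numbers (entropy 7.5410, code 920,576 bytes of a 6,611,280-byte file) trip both heuristics, which is the usual profile of an installer whose compressed payload dwarfs its stub. The parser rejects PE32+ images deliberately, since the 64-bit optional header has a different layout.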

The file TranslateGeniusSetup.exe has been seen being distributed by the following URL.

Remove TranslateGeniusSetup.exe - Powered by Reason Core Security