» turbocleanpc@clk=aeyuaogj0wgaa_-llqmyjfsjdz03qkvtkqojf7h0guz8awaaaaagaae.exe
Overview
Analysis
File Details
Downloads (1)

turbocleanpc@clk=aeyuaogj0wgaa_-llqmyjfsjdz03qkvtkqojf7h0guz8awaaaaagaae.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from origin.safe-secure4.com.s3.amazonaws.com.

File name:

MD5:

a1de95e75324e2ef2e0a3aa546763f1f

SHA-1:

aa3b0e889e130840ec5131f05277c9e61912d65b

SHA-256:

c81c3aa0ffa6bb9d537e7c142a265ab20cc3e8f08758ce5a2a00d007a1eb4c6e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

3/27/2026 3:10:05 AM UTC (today)

File size:

1.5 MB (1,625,128 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\turbocleanpc@clk=aeyuaogj0wgaa_-llqmyjfsjdz03qkvtkqojf7h0guz8awaaaaagaae.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:wa8gphtehE4VGGbm3F1PQIDNtbcinXBga:98gphMhXVGj3vJ3Rga

Entry address:

0x9C40

Entry point:

74, 6F, 6D, 46, 69, 6C, 65, E9, CB, B3, FF, FF, 8D, 40, 00, E9, C3, B3, FF, FF, 8D, 40, 00, E9, BB, B3, FF, FF, 8D, 40, 00, E9, B3, B3, FF, FF, 8D, 40, 00, E9, AB, B3, FF, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, 73, 40, 00, 0C, 00, 00, 00, 10, 73, 40, 00, C4, 29, 40, 00, AC, 28, 40, 00, D4, 28, 40, 00, 48, 75, 40, 00, C4, 75, 40, 00, FC, 75, 40, 00, 2C, 76, 40, 00, 6C, 76, 40, 00, C8, 76, 40, 00, 78, 75, 40, 00, 05, 54, 46, 69, 6C... 
[+]

Entropy:

7.9893 (probably packed)

Code size:

37 KB (37,888 bytes)

The file turbocleanpc@clk=aeyuaogj0wgaa_-llqmyjfsjdz03qkvtkqojf7h0guz8awaaaaagaae.exe has been seen being distributed by the following URL.

http://origin.safe-secure4.com.s3.amazonaws.com/.../TurboCleanPC.exe

Scan turbocleanpc@clk=aeyuaogj0wgaa_-llqmyjfsjdz03qkvtkqojf7h0guz8awaaaaagaae.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.