» turnsix.exe
Overview
Analysis
File Details
Behaviors (1)

turnsix.exe

InsideCorrect

TrueCrypt Foundation

The executable turnsix.exe has been detected as malware by 23 anti-virus scanners.

File name:

turnsix.exe

Publisher:

Driver Booster 2 (signed by TrueCrypt Foundation)

Product:

InsideCorrect

Description:

Driver Booster 2

Version:

2.4.0.19

MD5:

666b9d3bfc1d7411b08125cd88db626b

SHA-1:

98ca088c4d2ea774bbb7078c60715a6f0f7cce52

SHA-256:

b8cc1ab7aefb405ff5c2af390e3bdf291557e302248085f7802ce7e58ca110f1

Scanner detections:

23 / 68

Status:

Malware

Analysis date:

4/26/2024 3:04:44 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2612843

525

Avira AntiVirus

TR/Dropper.MSIL.178251

8.3.1.6

Arcabit

Trojan.Generic.D27DE6B

1.0.0.425

avast!

Win32:Malware-gen

2014.9-150828

Baidu Antivirus

Trojan.Win32.Weecnaw

4.0.3.15828

Bitdefender

Trojan.GenericKD.2612843

1.0.20.1200

Emsisoft Anti-Malware

Trojan.GenericKD.2612843

8.15.08.28.09

ESET NOD32

Win32/Spy.Weecnaw

9.12065

Fortinet FortiGate

W32/Weecnaw.A!tr.spy

8/28/2015

F-Secure

Trojan.GenericKD.2612843

11.2015-28-08_6

G Data

Trojan.GenericKD.2612843

15.8.25

IKARUS anti.virus

Trojan-Spy.Agent

t3scan.1.9.5.0

K7 AntiVirus

Spyware

13.207.16831

Kaspersky

Trojan-Spy.Win32.Recam

14.0.0.1511

McAfee

RDN/Generic PWS.y

5600.6659

Microsoft Security Essentials

Trojan:Win32/Skeeyah.A!bit

1.1.11903.0

MicroWorld eScan

Trojan.GenericKD.2612843

16.0.0.720

NANO AntiVirus

Trojan.Win32.Recam.duvhbg

0.30.24.3079

nProtect

Trojan.GenericKD.2612843

15.08.07.01

Panda Antivirus

Generic Suspicious

15.08.28.09

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R03EC0PH515

10.465.28

VIPRE Antivirus

Trojan.Win32.Generic

42730

File size:

174.5 KB (178,640 bytes)

Product version:

2.4.0.19

Original file name:

InsideCorrect.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\lakeplay\turnsix.exe

Digital Signature

Signed by:

TrueCrypt Foundation

Authority:

GlobalSign nv-sa

Valid from:

11/9/2009 9:54:34 PM

Valid to:

11/9/2012 9:54:32 PM

Subject:

E=contact@truecrypt.org, CN=TrueCrypt Foundation, O=TrueCrypt Foundation, S=Nevada, C=US

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

01000000000124DA79A3F3

File PE Metadata

Compilation timestamp:

8/3/2004 9:32:40 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:nNV2b93cFCgImSmOLlDYEZNQhAddL4qCkLwcbqg7DWdJNPB8tHd7OXC2uyPGyeP1:nNVITgImSHdYEDxF2XgYJUl/

Entry address:

0x2AEEE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.4425

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

164 KB (167,936 bytes)

User Start Menu Item

Name:

Turnsix.exe

Remove turnsix.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.