home

usbfix_9.028.exe

Tohalered

Sivensys SRL

The executable usbfix_9.028.exe, “Tohalered Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.headvaultsapplication.com.
Publisher:
Sivensys SRL  (signed and verified)

Product:
Tohalered

Description:
Tohalered Setup

Version:
4.6.2.7

MD5:
462835d3f5f9bd6ceedc25327a551302

SHA-1:
7df9b621ee228d725ce3607edd5f35976d3e2cd7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
7/4/2025 7:36:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.7.0

File size:
1.2 MB (1,283,312 bytes)

Product version:
2.8

Copyright:
Installer

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\usbfix_9.028.exe

Digital Signature
Signed by:
Sivensys SRL

Authority:
GlobalSign nv-sa

Valid from:
10/20/2016 11:04:57 AM

Valid to:
10/21/2017 11:04:57 AM

Subject:
CN=Sivensys SRL, O=Sivensys SRL, L=IASI, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
0D38E905F0B0BA5733036DFB

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9850

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file usbfix_9.028.exe has been seen being distributed by the following URL.

http://www.headvaultsapplication.com/xx2VN1umlafMuGEXXSixBF54OPFcV7Q8mqj4_36tJBti3DKoiOBuyihsMQqpWromqdI05pv7QA S4WqKsN2KosNPRdRQv9insz9Nvd8aJfSma9un5KA QUhU jfjV6M8QR0Zb66LowJ4tdK2cIDamjMipVmA0nx9XxkpL7f8V3QrKLQppdol_sUM4Sp2MuuHItwNcqjX3I9XNv_YvsSdLDYzhTdcS0O9hBIf_dfSVmNce6qjnT9l9SSuiFsyZqSn2LLXTwOyrY3VBruLqhUe17ilvbhK7AUEVrvwxHEwu4h3ZTwJg3JSqDrPVZSPVsqxd Ract0DvMXwLKwqp7Rr9xZokBjv0RWqCeHzGQNDeMt CbCMWyAdHHEemjORMsQQl8PRl22UfItfFHzI_Cpx_OS8LGIZXE6QKHWVxm9dOGdaQUaemBk=-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-75-186.hkg50.r.cloudfront.net  (54.192.75.186:80)

TCP (HTTP):
Connects to server-54-192-75-131.hkg50.r.cloudfront.net  (54.192.75.131:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.114.11:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.151:80)

TCP (HTTP):
Connects to ec2-54-191-59-48.us-west-2.compute.amazonaws.com  (54.191.59.48:80)

TCP (HTTP):
Connects to ec2-54-186-117-168.us-west-2.compute.amazonaws.com  (54.186.117.168:80)

TCP (HTTP):
Connects to ec2-54-154-190-87.eu-west-1.compute.amazonaws.com  (54.154.190.87:80)

TCP (HTTP):
Connects to ec2-52-50-196-247.eu-west-1.compute.amazonaws.com  (52.50.196.247:80)

TCP (HTTP):
Connects to ec2-52-26-136-207.us-west-2.compute.amazonaws.com  (52.26.136.207:80)

TCP (HTTP):
Connects to ec2-34-198-225-71.compute-1.amazonaws.com  (34.198.225.71:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com  (146.185.27.53:80)

TCP (HTTP):
Connects to 92b91b2d.rdns.100tb.com  (146.185.27.45:80)

Remove usbfix_9.028.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.