advancedpctweaker_setup.exe

Advanced PC Tweaker

Guangxi Nanning Qiwang Co. Ltd.

The application advancedpctweaker_setup.exe, “Advanced PC Tweaker Setup” by Guangxi Nanning Qiwang Co, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.advancedpctweaker.com and multiple other hosts.
Publisher:
AdvancedPCTweaker.com, Inc.   (signed by Guangxi Nanning Qiwang Co. Ltd.)

Product:
Advanced PC Tweaker

Description:
Advanced PC Tweaker Setup

Version:
4.2

MD5:
cb3d75c57b8ac53c2762f7e267308131

SHA-1:
43171dc9d37b99e2fb2ac37068b784f6cfb827dd

SHA-256:
3e36058effc0d41fa4ca7b814284586c727636f98912b8b980d0283d308e81ca

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:17:36 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140227 |
| Bkav FE | W32.Clod2f2.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt | 17403 |
| Dr.Web | WIN.WORM.Virus | 9.0.1.058 |
| ESET NOD32 | Win32/Adware.RegistryEasy (variant) | 8.9434 |
| NANO AntiVirus | Riskware.Win32.AdvPcTweak.cjetpu | 0.28.0.57029 |
| Reason Heuristics | PUP.Installer.GuangxiNanningQiwangCo.X | 14.2.27.6 |
| Rising Antivirus | PE:Trojan.Win32.Generic.136E364A!325989962 | 23.00.65.14225 |
| Trend Micro House Call | TROJ_GEN.F47V0917 | 7.2.58 |

File size:
2.6 MB (2,713,608 bytes)

Product version:
4.2

Copyright:
Copyright (C) 2007-2012 AdvancedPCTweaker.com, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\advancedpctweaker_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/28/2011 7:00:00 PM

Valid to:
6/28/2014 6:59:59 PM

Subject:
CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
058EFD81CFC178B930CAA249710DE3B1

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:K2xV3yx3uFk9nZkDDcK2qPilZ5f7EbduXQG4y8EB/ZspFYFfiz1cibmdaTy0:L3yduFTDIKylZSbdoR4Z6/Df4ais4y0

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 

Entropy:
7.9888

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file advancedpctweaker_setup.exe has been seen being distributed by the following 6 URLs.
