awh4ef0.tmp

PC Speed Up

Safe Download Ltd.

The file awh4ef0.tmp by Safe Download has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.pcspeedup.com and multiple other hosts.
Publisher:
Speedchecker Limited   (signed by Safe Download Ltd.)

Product:
PC Speed Up

Version:
3.9.8.0

MD5:
8232950d338f4ab35478e48bac8c7589

SHA-1:
913f32427585446a06628368295df33e7c32902c

SHA-256:
e84746a1d06cc594ad0208df3f1d720eb0afa5d583a2d9e69ca05478d09d4c2a

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/5/2024 4:48:28 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-150508

Dr.Web
Program.Unwanted.12
9.0.1.0128

ESET NOD32
Win32/Speedchecker.B potentially unwanted (variant)
9.11589

File size:
6.6 MB (6,919,128 bytes)

Product version:
3.9.8.0

Copyright:
Copyright © Speedchecker Limited 2009-2015

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\awh4ef0.tmp

Digital Signature
Authority:
Entrust, Inc.

Valid from:
6/30/2014 6:45:32 PM

Valid to:
7/1/2015 5:19:01 AM

Subject:
CN=Safe Download Ltd., O=Safe Download Ltd., L=Douglas, C=IM

Issuer:
CN=Entrust Code Signing Certification Authority - L1D, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

Serial number:
4C177DE0

File PE Metadata
Compilation timestamp:
12/20/2011 3:16:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:+3SYbMcasEvxXTGpbn5M/B0G3ooHEC+e9Q:+tbMjsyxan2l3XEleC

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file awh4ef0.tmp has been seen being distributed by the following 4 URLs.

http://www.pcspeedup.com/.../download.aspx?k=beforetestjp1&affId=janusz&keyword=beforetestjp1&referencedWebsite=www.pcspeedup.jp&language=ja

Remove awh4ef0.tmp - Powered by Reason Core Security