DoctorPC.exe

Dragon Big Lab

The application DoctorPC.exe by Dragon Big Lab has been detected as a potentially unwanted program by 7 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Doctor PC (signed by Dragon Big Lab)

Product:
Doctor PC

Version:
2.6.5.0

MD5:
cd560440d12e7e8dc7e6a3879ef6a433

SHA-1:
2149dd927b90710819ce22bce5accda9a87a4638

SHA-256:
4a21e4217dd18419b86edb6fa29e3bfcf572e1153382fb957156a29499bcfcbe

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/27/2024 2:29:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.16214 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 10.7.0.302.0 |
| Malwarebytes | PUP.Optional.DrPC.A | v2016.02.14.03 |
| Reason Heuristics | Win32.Generic | 16.2.14.3 |
| Trend Micro House Call | Suspicious_GEN.F47V0115 | 7.2.45 |
| VIPRE Antivirus | Crossrider | 36680 |

File size:
4.7 MB (4,971,976 bytes)

Product version:
2.6.5.0

Copyright:
Copyright © 2014

Original file name:
DoctorPC.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\doctor pc\doctor pc 2.6.5\install\84f2cc6\doctorpc.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/19/2014 3:00:00 AM

Valid to:
8/20/2015 2:59:59 AM

Subject:
CN=Dragon Big Lab, O=Dragon Big Lab, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5C962D18EA9BECD72508C97E4F8FCD67

File PE Metadata
Compilation timestamp:
11/21/2014 9:24:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:0akC0hHHhHHhHHHE9AFp8pJgrpQlg7pbJYLQPLquL6qxHgk1Zl8gY:029AFp8pJCpQlc/YyquLR1O

Entry address:
0x4A51A2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 4A, 00, 0C, 00, 00, 00, A4, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.6 MB (4,862,464 bytes)
