pc.exe

PCAcceleratePro & Instant support

Installer Technology Co.

The executable pc.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.pcaccel.com and multiple other hosts. While running, it connects to the Internet address 172-245-127-102-host.colocrossing.com on port 80 using the HTTP protocol.
Publisher:
Installer Technology  (signed by Installer Technology Co.)

Product:
PCAcceleratePro & Instant support

Version:
1.0.29.9

MD5:
a585dd50fa24d64d731d1e864da05629

SHA-1:
52c5a7cbe3544f379edb811b0bfd7a41e7b97560

SHA-256:
364d3fc5fd46b4be4898922b924873feeabe7f4faa083f72c425286fc16d37b9

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/15/2025 8:03:03 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.22.18

File size:
13.1 MB (13,755,552 bytes)

Product version:
1.0.29.9

Copyright:
Copyright Installer Technology 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\pc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/27/2016 5:00:00 PM

Valid to:
9/28/2017 4:59:59 PM

Subject:
CN=Installer Technology Co., O=Installer Technology Co., STREET=407 lincoln road, L=miami beach, S=florida, PostalCode=33139, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1B58BBA81BB22C023967D6D579B294FC

File PE Metadata
Compilation timestamp:
2/21/2009 11:46:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, ED, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9949

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pc.exe has been seen being distributed by the following 6 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 172-245-127-102-host.colocrossing.com (172.245.127.102:80)
