Pccom.exe

Pccom

Adwill Communications Co., LTD.

The application Pccom.exe by Adwill Communications Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address i0-h0-s386.p59-icn.cdngp.net on port 80 using the HTTP protocol.
Publisher:
애드윌커뮤니케이션즈  (signed by Adwill Communications Co., LTD.)

Product:
Pccom

Description:
Pccom 프로그램

Version:
1.0.0.0

MD5:
b650c630bc4482ac88b7923abdeaf740

SHA-1:
f8023a44077e10bd05671c97562ffb23c62c67ec

SHA-256:
34ddd9fb51601225307d29e599dff36382b71edcd682b0a49b2d4cef6f35d253

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 1:31:08 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.AdwillCo
16.12.21.18

File size:
1.3 MB (1,360,712 bytes)

Product version:
1.0.0.0

Copyright:
Copyright ⓒ 애드윌커뮤니케이션즈 All Rights Reserved.

Original file name:
Pccom.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\pccom\pccom.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/20/2016 7:50:52 PM

Valid to:
7/17/2017 3:15:46 PM

Subject:
CN="Adwill Communications Co., LTD.", OU=Dev Team, O="Adwill Communications Co., LTD.", L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112141CDBF5AA5B6E1AC71BE06922FD38794

File PE Metadata
Compilation timestamp:
12/18/2016 1:41:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x4B4C40

Entry point:
60, BE, 00, 70, 7C, 00, 8D, BE, 00, A0, C3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.3714

Packer / compiler:
UPX 2.90LZMA

Code size:
952 KB (974,848 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to hn.kd.ny.adsl  (42.236.126.145:443)

TCP (HTTP):
Connects to server-54-230-182-153.icn50.r.cloudfront.net  (54.230.182.153:80)

TCP (HTTP SSL):
Connects to server-54-192-183-209.icn50.r.cloudfront.net  (54.192.183.209:443)

TCP (HTTP):
Connects to server-52-85-119-6.icn51.r.cloudfront.net  (52.85.119.6:80)

TCP (HTTP):
Connects to i0-h0-s386.p59-icn.cdngp.net  (14.0.70.168:80)

TCP (HTTP):
Connects to i0-h0-s1611.p59-icn.cdngp.net  (14.0.77.76:80)

TCP (HTTP SSL):
Connects to hkg12s10-in-f46.1e100.net  (216.58.203.46:443)

TCP (HTTP SSL):
Connects to hkg12s10-in-f1.1e100.net  (216.58.203.33:443)

TCP (HTTP SSL):
Connects to hkg07s02-in-f130.1e100.net  (216.58.221.130:443)

TCP (HTTP):
Connects to hkg07s01-in-f98.1e100.net  (216.58.221.98:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a118-215.57-156.deploy.akamaitechnologies.com  (118.215.57.156:80)

Remove Pccom.exe - Powered by Reason Core Security