PccomUpdate.exe

Pccom

Adwill Communications Co., LTD.

The application PccomUpdate.exe by Adwill Communications Co. has been detected as a potentially unwanted program by 8 anti-malware scanners. It runs as a Windows Task Scheduler task named Pccom, which is triggered each time a user logs in.
Publisher:
애드윌커뮤니케이션즈  (signed by Adwill Communications Co., LTD.)

Product:
Pccom

Description:
Pccom 업데이트 프로그램 (Pccom update program)

Version:
1.0.0.0

MD5:
f41226b9dd2dbbb93d5861f00171ad74

SHA-1:
7d950351075cdcb9a98d883d99636d35f10062e9

SHA-256:
fa4bb1dfc7cd4b0f68e47e9c6d2428c856ff8816043d12894c4c78e41104ee78

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 8:59:10 PM UTC

Scan engine | Detection | Engine version
Comodo Security | ApplicUnwnt | 18857
ESET NOD32 | Win32/AdWare.Kraddare.JL (variant) | 9.11475
McAfee | Artemis!05E928120968 | 5600.6722
Reason Heuristics | PUP.Optional.AdwillCommunicationsCo.Task | 15.6.27.0
Sophos | Generic PUA MG | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0701 | 7.2.178
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 31300

File size:
2.6 MB (2,712,752 bytes)

Product version:
1.0.0.0

Copyright:
Copyright ⓒ 애드윌커뮤니케이션즈 All Rights Reserved.

Original file name:
PccomUpdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\pccom\pccomupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/11/2014 2:20:38 PM

Valid to:
5/17/2015 3:15:46 PM

Subject:
CN="Adwill Communications Co., LTD.", OU=Dev Team, O="Adwill Communications Co., LTD.", L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112124D894DD2342DADF6A97FAFAF674D5D3

File PE Metadata
Compilation timestamp:
4/3/2015 10:18:52 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:dKkRTTtIhM1Fx+SO/ubvkIeHLX6NDzEh3eFTEcCk:4kltI2k76NDzEh3enC

Entry address:
0x1F1E60

Entry point:
55, 8B, EC, 83, C4, E8, 53, 33, C0, 89, 45, E8, 89, 45, EC, B8, E0, 61, 5E, 00, E8, AF, 9C, E1, FF, 8B, 1D, 5C, DE, 5F, 00, 33, C0, 55, 68, 2B, 1F, 5F, 00, 64, FF, 30, 64, 89, 20, 8B, 03, E8, 28, 25, F4, FF, 8B, 03, B2, 01, E8, 3F, 42, F4, FF, 8B, 03, C6, 40, 5F, 00, 8B, 03, BA, 44, 1F, 5F, 00, E8, 05, 1F, F4, FF, 8D, 55, EC, 8B, 03, E8, 1B, 1E, F4, FF, 8B, 45, EC, E8, 0B, 69, E1, FF, 50, 6A, 00, 68, 01, 00, 1F, 00, E8, BA, D2, E1, FF, 85, C0, 74, 08, 50, E8, 8C, CF, E1, FF, EB, 36, 8D, 55, E8, 8B, 03, E8...
 

Entropy:
6.4801

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (2,032,640 bytes)

Scheduled Task
Task name:
Pccom

Trigger:
Logon (Runs on logon)

