pcfixspeedsetup_210_20140214.exe

PC Fix Speed

Crawler, LLC

The application pcfixspeedsetup_210_20140214.exe, “PC Fix Speed Setup” by Crawler, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from drzwu57ht9dxd.cloudfront.net and multiple other hosts.
Publisher:
Crawler, LLC   (signed by Crawler, LLC)

Product:
PC Fix Speed

Description:
PC Fix Speed Setup

Version:
1.2.0.42

MD5:
08fb0c0691f322fefe82901669f8f2ee

SHA-1:
296c01da88b3603c635425231ab00513de17fc5f

SHA-256:
8ddcc3b9d31c4db73257553e84b0c6c8181f0dd2ef69dea7c7f8b31e314270fa

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:34:01 PM UTC

Scan engine | Detection | Engine version
AVG | Adware Skodna.Bundle_c.EO | 2014.0.3986
Clam AntiVirus | Win.Adware.PCFixSpeed | 0.98/19073
Dr.Web | riskware program Program.Unwanted.45 | 9.0.1.05190
NANO AntiVirus | Riskware.Win32.Unwanted.cuwtlb | 0.28.0.60475
Reason Heuristics | PUP.Installer.Crawler.CC | 14.8.8.2
Sophos | PC Power Speed | 4.98

File size:
3.4 MB (3,580,296 bytes)

Product version:
1.2.0.42

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pcfixspeedsetup_210_20140214.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 7:00:00 PM

Valid to:
1/25/2017 6:59:59 PM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:GFxgz9HsRen5e+8AbeJXn3O9je9YPqH7qmqrksGim:aeRHsRens+8ayk+7vqtGl

Entry address:
0xC1C0

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, C8, C0, 40, 00, E8, 60, 86, FF, FF, 33, C0, 55, 68, 85, C8, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 41, C8, 40, 00, 64, FF, 32, 64, 89, 22, A1, 60, E6, 40, 00, E8, 5E, FD, FF, FF, E8, C9, F8, FF, FF, 8D, 55, EC, 33, C0, E8, 93, CA, FF, FF, 8B, 55, EC, B8, 8C, F0, 40, 00, E8, 0A, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 8C, F0, 40, 00, B2, 01...
 

Entropy:
7.9969  (probably packed)

Code size:
46.5 KB (47,616 bytes)

The file pcfixspeedsetup_210_20140214.exe has been seen being distributed by the following 4 URLs.
