pci_filerecovery.exe

My Program

WebAttack, Inc.

The application pci_filerecovery.exe, “My Program Setup ” by WebAttack has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.snapfiles.com.
Publisher:
WebAttack, Inc.  (signed and verified)

Product:
My Program

Description:
My Program Setup

MD5:
d7180351d7147675ef20988731589dfd

SHA-1:
cb64648c2d1b9526b392270aa589bc7f63fafe98

SHA-256:
3e72426f06822ae12263e3baa65b915c8f7ffc79e7c8d3e735917151a3f90d44

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 6:22:04 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.184.204

AVG
Generic
2015.0.3293

ESET NOD32
Win32/InstallCore.PZ potentially unwanted application
7.0.302.0

NANO AntiVirus
Riskware.Win32.InstallCore.dfgmiy
0.28.6.62995

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.3

File size:
703.7 KB (720,568 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pci_filerecovery.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/23/2014 4:00:00 AM

Valid to:
7/24/2015 3:59:59 AM

Subject:
CN="WebAttack, Inc.", O="WebAttack, Inc.", STREET="4044 W. Lake Mary Blvd., Unit# 104-350", L=Lake Mary, S=Florida, PostalCode=32746, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3523D0B421916B3196E7D04C1183676D

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:zsFad+gYmdhSITk920CwgC/60V6R8nJ0s/WJDmY9sOGJciTisGeBcZDcXV8p:zsF8+g9pYZ9/60Vg8n/eyY9s3JciTPBC

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8817

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file pci_filerecovery.exe has been seen being distributed by the following URL.

Remove pci_filerecovery.exe - Powered by Reason Core Security