pcinst.exe

PCAcceleratePro & Instant support

Installer Technology Co.

The executable pcinst.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.pcaccel.com and multiple other hosts. While running, it connects to the Internet address 172-245-127-102-host.colocrossing.com on port 80 using the HTTP protocol.
Publisher:
Installer Technology (signed by Installer Technology Co.)

Product:
PCAcceleratePro & Instant support

Version:
1.0.29.3

MD5:
e8f33a56ffb47ea538e7340cc619b897

SHA-1:
a1ddbac0c3ba0d70bd0515fb16d827080fb949b1

SHA-256:
ae9ae9dcdb5ee19ea0259aa4b2824315483a14c68cb44657730077280c16f83d

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/15/2025 7:47:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.1.0

File size:
12.1 MB (12,670,488 bytes)

Product version:
1.0.29.3

Copyright:
Copyright Installer Technology 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\installprepared\pcinst.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/27/2016 6:00:00 PM

Valid to:
9/28/2017 5:59:59 PM

Subject:
CN=Installer Technology Co., O=Installer Technology Co., STREET=407 lincoln road, L=miami beach, S=florida, PostalCode=33139, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1B58BBA81BB22C023967D6D579B294FC

File PE Metadata
Compilation timestamp:
2/21/2009 12:46:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, ED, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9937

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pcinst.exe has been seen being distributed by the following 5 URLs.

https://download.pcaccel.com/getfile.php?f=pcinst&aff=1235

https://download.pcaccel.com/getfile.php?f=pcinst&aff=1234

http://download.pcaccel.com/getfile.php?f=pcinst&aff=106

http://download.pcaccel.com/getfile.php?f=pcinst&aff=102

http://download.pcaccel.com/getfile.php?f=pcinst&aff=1023

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 172-245-127-102-host.colocrossing.com (172.245.127.102:80)

TCP (HTTP):
Connects to ip-172-18-1-122.ec2.internal (172.18.1.122:8080)
