pcpowerspeedsetup.exe

PC Power Speed

Crawler, LLC

The application pcpowerspeedsetup.exe, “PC Power Speed Setup” by Crawler, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.pcpowerspeed.com and multiple other hosts.
Publisher:
Crawler, LLC (signed by Crawler, LLC)

Product:
PC Power Speed

Description:
PC Power Speed Setup

Version:
2.1.0.4

MD5:
4a391e56709f766c88c272ddfe8d13c4

SHA-1:
12720a7162025cac36a0be4bdd1a4c92180d0a6e

SHA-256:
174904673829c5875fd9a4dbe1420b9c45f94921f301c0b2cddbe955c6a4cc72

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:49:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.Crawler | 4.0.3.141024 |
| Clam AntiVirus | Win.Adware.PCFixSpeed | 0.98/21411 |
| Dr.Web | Program.Unwanted.45 | 9.0.1.0297 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.81696 | 8.14.10.24.10 |
| K7 AntiVirus | Unwanted-Program | 13.185.13789 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrawBar | 14.0.0.3053 |
| McAfee | Artemis!F004A86F0504 | 5600.6968 |
| Reason Heuristics | PUP.Installer.Crawler.R | 14.10.24.10 |
| Sophos | PC Power Speed | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0617 | 7.2.297 |
| XVirus List | Win32.Detected | 2.6.2 |

File size:
3.7 MB (3,894,152 bytes)

Product version:
2.1.0.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pcpowerspeedsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 6:00:00 PM

Valid to:
1/25/2017 5:59:59 PM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:2Ag24+nWsQ20gdU2ffrjBgw6DKl0xOGrtVKsGimM:5rnWHq/fmmlGnrvGlM

Entry address:
0xC1C0

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, C8, C0, 40, 00, E8, 60, 86, FF, FF, 33, C0, 55, 68, 85, C8, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 41, C8, 40, 00, 64, FF, 32, 64, 89, 22, A1, 60, E6, 40, 00, E8, 5E, FD, FF, FF, E8, C9, F8, FF, FF, 8D, 55, EC, 33, C0, E8, 93, CA, FF, FF, 8B, 55, EC, B8, 8C, F0, 40, 00, E8, 0A, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 8C, F0, 40, 00, B2, 01...
 

Entropy:
7.9974

Developed / compiled with:
Microsoft Visual C++

Code size:
46.5 KB (47,616 bytes)

The file pcpowerspeedsetup.exe has been seen being distributed by the following 2 URLs.
