PCSpeedCleanSetup.exe

PC Speed Clean

Downloadius S.a.r.l

The application PCSpeedCleanSetup.exe (described as “This installer database contains the logic and data required to install PC Speed Clean.”) by Downloadius S.a.r.l has been detected as adware by 2 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.apptilio.com and multiple other hosts.
Publisher:
Downloadius S.a.r.l  (signed and verified)

Product:
PC Speed Clean

Description:
This installer database contains the logic and data required to install PC Speed Clean.

Version:
2.5.5.27

MD5:
cd337b0d35e5245742fba18349d03edd

SHA-1:
58825f772031170a297610c90f5ff6c89d6c77dd

SHA-256:
ac8ebe3477dffcb869968b29fceac3bb66a417d3e51c1195b95056ab56382a55

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/25/2024 1:01:30 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.DownloadiusSarl.R | 14.8.7.23
VIPRE Antivirus | Downloadius | 31306

File size:
5.3 MB (5,562,760 bytes)

Product version:
2.5.5.27

Copyright:
Copyright (C) 2014 Downloadius S.A.R.L

Original file name:
PCSpeedCleanSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\pcspeedcleansetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/25/2013 8:00:00 PM

Valid to:
7/25/2016 7:59:59 PM

Subject:
CN=Downloadius S.a.r.l, O=Downloadius S.a.r.l, STREET="7, Avenue Gaston Diderich", L=Luxembourg, S=Luxembourg, PostalCode=L-1420, C=LU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
516E4C889E15D413F8CD7F3121095139

File PE Metadata
Compilation timestamp:
5/21/2014 5:03:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:l2BxX/sFFsoWHKeZN35AGJoqTRpA1cI6oPgDH5TN1VrlcgR8kj7Pvl9tf:lWPT5AGJo8z24b553+gR8mPvl9R

Entry address:
0xC4C6B

Entry point:
E8, 42, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5E, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C6, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 3A, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A2, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0B, 4E, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 

Entropy:
7.7193  (probably packed)

Code size:
1004 KB (1,028,096 bytes)

The file PCSpeedCleanSetup.exe has been seen being distributed by the following 3 URLs.
