PCSpeedCleanSetup.exe

Downloadius S.a.r.l

PCSpeedCleanSetup.exe by Downloadius S.a.r.l, described in its file metadata as “This installer database contains the logic and data required to install PC Speed Clean.”, has been detected as adware by 2 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is typically executed from the user's temporary directory. The file has been seen being downloaded from www.apptilio.com.
Publisher:
PC Speed Clean  (signed by Downloadius S.a.r.l)

Product:
PC Speed Clean

Description:
This installer database contains the logic and data required to install PC Speed Clean.

Version:
2.4.8

MD5:
53ab3a254c03336059d31a4015b5286b

SHA-1:
781f37dbf7c19af6c50041d758d27b5facaf514e

SHA-256:
41b547c1ceb0e2958dfb3c5984af51187475feae45073403af6f2966dd41e6a3

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/25/2024 12:54:38 AM UTC

Scan engine          Detection                          Engine version
Reason Heuristics    PUP.Installer.DownloadiusSarl.R    14.8.7.23
VIPRE Antivirus      Downloadius                        27326

File size:
5.1 MB (5,393,728 bytes)

Product version:
2.4.8

Copyright:
Copyright (C) 2014 PC Speed Clean

Original file name:
PCSpeedCleanSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\pcspeedcleansetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/26/2013 3:00:00 AM

Valid to:
7/26/2016 2:59:59 AM

Subject:
CN=Downloadius S.a.r.l, O=Downloadius S.a.r.l, STREET="7, Avenue Gaston Diderich", L=Luxembourg, S=Luxembourg, PostalCode=L-1420, C=LU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
516E4C889E15D413F8CD7F3121095139

File PE Metadata
Compilation timestamp:
12/10/2013 12:33:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:O5g35mquhnLN55Wm1RQqa3ghiDPNv5/tAkze4JIgS2ZzqU3h75n7VbOt4QEQGV:x6N5W/1tc3zI+Q5nDyGV

Entry address:
0xB83CA

Entry point:
E8, D9, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 7F, FB, FF, FF, 83, C4, 14, 5D, C3, E8, 26, 0C, 00, 00, 8B, 48, 6C, 3B, 0D, B8, A0, 52, 00, 74, 10, 8B, 0D, D0, 9F, 52, 00, 85, 48, 70, 75, 05, E8, 12, 17, 00, 00, A1, B8, 93, 52, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 

Entropy:
7.7227  (probably packed)

Code size:
946.5 KB (969,216 bytes)

The file PCSpeedCleanSetup.exe has been seen being distributed by the following URL.
