pcspeedup3.exe

PC Speed Up

Safe Download Limited

The application pcspeedup3.exe by Safe Download Limited has been detected as adware by 2 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cdn77.airdwnlds.com and multiple other hosts.
Publisher:
Speedchecker Limited   (signed by Safe Download Limited)

Product:
PC Speed Up

Version:
3.4.3.0

MD5:
167ebbc76cc175e2f027559e5caddefa

SHA-1:
1d42a9d70124c9df3109cdbb37d51fb0c235be72

SHA-256:
563bc65d6a330d1c2640bb56529e5fc4abd08d0abd1a375522aff18f32080a10

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/27/2024 1:05:53 AM UTC  (today)

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Speedchecker (variant) | 8.9511
Reason Heuristics | PUP.Optional.SafeDownloadLimited.K | 14.3.7.15

File size:
5.3 MB (5,560,016 bytes)

Product version:
3.4.3.0

Copyright:
Copyright © Speedchecker Limited 2009-2013

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pcspeedup3.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/1/2012 6:00:00 PM

Valid to:
8/26/2014 6:00:00 AM

Subject:
CN=Safe Download Limited, O=Safe Download Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0DD2FC97B3C6597CABD97B29D9383440

File PE Metadata
Compilation timestamp:
12/20/2011 7:16:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:qkqSLIcIhfzni3WD74niAtCZrIszQPpBIBd1gH3RgtqhqnIGM6Bkga0zV5E:q3SE7h7i6NT8s0MBd1Whaqj6BI0zVW

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.9937

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file pcspeedup3.exe has been seen being distributed by the following 8 URLs.

http://cdn77.airdwnlds.com/downloads/offers/.../pcspeedup3.exe
