PCSUSpeedTest.exe

PCSUSpeedTest

Optimal Software s.r.o.

The application PCSUSpeedTest.exe by Optimal Software s.r.o. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Optimal Software s.r.o.  (signed and verified)

Product:
PCSUSpeedTest

Version:
1.0.41.0

MD5:
42b23d45307bfef6a404848277ced2a3

SHA-1:
4ad970e97fcba878e11f33b220aa02d3428597aa

SHA-256:
a1c4dfb06e7782141bf7cda4fbdef0f2892288ebdf5458b3040dead4c6b034cc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:23:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Speedchecker (L)

Engine version:
17.2.10.14

File size:
12.7 KB (12,960 bytes)

Product version:
1.0.41.0

Copyright:
Copyright © 2016

Original file name:
PCSUSpeedTest.exe

File type:
Executable application (Win32 EXE)

Language:
Swedish (Sweden)

Common path:
C:\Program Files\pc speed up\pcsuspeedtest.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/5/2016 2:00:00 AM

Valid to:
9/20/2017 1:59:59 AM

Subject:
CN=Optimal Software s.r.o., O=Optimal Software s.r.o., STREET=Jablunkovska 2014/40a, L=Cesky Tesin, S=Cesky Tesin, PostalCode=73701, C=CZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FA0D67D60CA1E747E6FBD496E484B0D

File PE Metadata
Compilation timestamp:
2/9/2017 5:00:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x2DDE

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.5 KB (3,584 bytes)

The executing file has been seen to make the following network communications in live environments.
