pctum_setup_etl_.exe

CompuClever Systems Inc. PC TuneUp Maestro

CompuClever Systems Inc.

The application pctum_setup_etl_.exe, “PC TuneUp Maestro” by CompuClever Systems has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from dl6.compuclever.com and multiple other hosts.
Publisher:
CompuClever Systems Inc  (signed by CompuClever Systems Inc.)

Product:
CompuClever Systems Inc. PC TuneUp Maestro

Description:
PC TuneUp Maestro

Version:
3.4.3.24

MD5:
64fc5c1eea51054fc8939f10f990979d

SHA-1:
93d366cb094bfcb897d96b8ade2cf580e777b287

SHA-256:
7cefd02a4816d79ae47e8fb7b57ef31a87db802dbcdbd3b377d5cb21e97e907f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:12:09 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CompuClever.Installer.Meta (L)
16.6.10.11

File size:
629.8 KB (644,928 bytes)

Product version:
3.4.3.24

Copyright:
(c) CompuClever Systems Inc. All rights reserved.

Original file name:
pctum_setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pctum_setup_etl_.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/9/2011 7:00:00 PM

Valid to:
11/23/2014 6:59:59 PM

Subject:
CN=CompuClever Systems Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
086B696BF064C132159B7367302E7656

File PE Metadata
Compilation timestamp:
4/9/2014 4:11:10 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:v4icYLkPScHiy/zF2yoz1XhQo3EBJqJMbNXJtUqs0GtdcnEwf8:vDwWz1Xloq+pJtXs0IdwP8

Entry address:
0x3A1FC

Entry point:
E8, 5D, 81, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 4C, 23, 46, 00, 00, 74, 05, E9, 0F, 82, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA...
 
[+]

Entropy:
6.8028

Code size:
296 KB (303,104 bytes)

The file pctum_setup_etl_.exe has been seen being distributed by the following 8 URLs.

Remove pctum_setup_etl_.exe - Powered by Reason Core Security