home

PCTuneUp.exe

PC Tune-Up

NNJ Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MRC’.
Publisher:
Large Software  (signed by NNJ Corporation)

Product:
PC Tune-Up

Version:
2.1.1.15

MD5:
1e05fee2202fc63892539d70796fb62d

SHA-1:
d7d2f9538f2db7dc261b56dc4c99459772fa4e80

SHA-256:
6673d22688a45daf627894738cb32d39bd02f4af7873631be51c38d0b6a682b1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 4:51:03 AM UTC  (today)

Scan engine
Detection
Engine version

Sophos
PUA 'PC Tune-up'
5.22

File size:
2.9 MB (3,086,152 bytes)

Product version:
2.1.1.15

Copyright:
Large Software

Trademarks:
Large Software

Original file name:
PCTuneUp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pc tune-up\pctuneup.exe

Digital Signature
Signed by:
NNJ Corporation

Authority:
VeriSign, Inc.

Valid from:
2/11/2011 12:00:00 AM

Valid to:
2/10/2012 11:59:59 PM

Subject:
CN=NNJ Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NNJ Corporation, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
602690E034C128A219C102CF349835E2

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:ebVeL0QRmU3tNF3xr2eJX+/V3sEwRQt8Z5crRb9ZObokpInYwvC:eZeL0QZhr2n8RKUGrRxZOUkpGY6C

Entry address:
0x1000

Entry point:
68, 01, 70, 83, 00, E8, 01, 00, 00, 00, C3, C3, 0C, BB, 0E, 11, AB, 4D, 48, 64, 62, EA, E3, 5F, A1, A7, 34, 66, 15, 1E, CD, 2C, 53, EA, EE, AF, 0B, B5, C9, DE, 67, 48, 21, 47, 2B, 2D, 1A, 84, D1, 98, 36, 9F, 1A, 11, 69, 67, FA, E2, CE, F0, 72, E8, 50, D4, 8E, AD, DA, BB, B0, 6F, F1, 4B, 12, 30, 24, 22, 71, 64, BA, A1, A7, 38, 4B, 87, A0, 5B, 2B, C5, 11, 55, BB, 50, 56, 22, 57, 7E, 25, 96, 30, 50, 7F, 19, DD, 4B, 6B, 63, D4, 31, 82, C4, B0, 30, 2B, BE, 9C, 9A, DE, 5A, 52, 30, EB, C3, 81, CF, 2E, A6, 88, B4...
 
[+]

Entropy:
7.2582

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2 MB (2,100,224 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MRC

Command:
"C:\Program Files\pc tune-up\pctuneup.exe" \mbrstart


Scan PCTuneUp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.