pcw_9005.exe

It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. The file has been observed being downloaded from prod.productsystem.s3.amazonaws.com.

MD5:
78e38ab47641b5819f87e8150d31c75c

SHA-1:
37f07afb8726dfcf8ee30547122dafa89ff6dd1e

SHA-256:
9918cd17471d4d49e116368ca5cad51eba5e3a6e04f662121ec0e19a6417bba9

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
2/25/2025 9:39:13 AM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1120
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16301

File size:
308.5 KB (315,904 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\kwhlot\pcw\pcw_9005.exe

File PE Metadata
Compilation timestamp:
3/1/2016 8:49:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:L7d9sYUw6ItwNc4+clCZ9ibv0fBtcEF4p67tr3:Xd72m4+cc3Kv6tcBp4r3

Entry address:
0x152E5

Entry point:
E8, AE, 09, 00, 00, E9, 80, FE, FF, FF, E9, E2, 6A, 00, 00, 3B, 0D, BC, 91, 44, 00, F2, 75, 02, F2, C3, F2, E9, 2D, 06, 00, 00, E9, E5, FF, FF, FF, 55, 8B, EC, FF, 75, 08, E8, F0, FF, FF, FF, 59, 5D, C3, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, 20, A4, 44, 00, E8, D0, 39, 00, 00, 83, C4, 0C, 68, 6C, 90, 43, 00, FF, 15, 74, 80, 43, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, AC, 92, 43, 00, 56, FF, 15, 70, 80, 43, 00, 68, FC, 92, 43, 00, 56, 8B, D8, FF, 15, 70, 80, 43, 00, 68, E0, 92, 43, 00, 56, 8B...
 
Entropy:
6.4605

Code size:
217.5 KB (222,720 bytes)

Scheduled Task
Task name:
PCW_9005

Path:
\PCW\PCWRunner\PCW_9005

Trigger:
Daily (Runs daily at 10:29 AM)


The file pcw_9005.exe has been seen being distributed by the following URL.
