powerclockserver.exe

Power Clock Server 2016.3

Robbie Fletcher

The application powerclockserver.exe, “Power Clock Server 2016.3 Setup” by Robbie Fletcher, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.powerclock.com.
Publisher:
Robbie Fletcher   (signed by Robbie Fletcher)

Product:
Power Clock Server 2016.3

Description:
Power Clock Server 2016.3 Setup

Version:
2016.3

MD5:
ae9bd388da1adb853127bb3ea5ae9ea2

SHA-1:
96eceb18f8a8af5ff34e2b651db4a937bb1894ee

SHA-256:
e8f16b236b710acf20fc1430b5eb4ffd658298cc1f43b6f5e946076e6bdcf8b9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 3:11:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.2.15.9

File size:
3.4 MB (3,560,392 bytes)

Product version:
Power Clock Server 2016.3

Copyright:
Robbie Fletcher

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\powerclockserver.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/22/2014 2:00:00 AM

Valid to:
7/22/2017 1:59:59 AM

Subject:
CN=Robbie Fletcher, O=Robbie Fletcher, STREET=8310 S Toledo, L=Tulsa, S=OK, PostalCode=74137, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BCF70929E60F181B982DAF8B64DC9D8E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.9966

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file powerclockserver.exe has been seen being distributed from the following URL.

http://www.powerclock.com/powerclockserver.exe
