schnellerpca.exe

SchnellerPC

Software Marketing Ltd

The application schnellerpca.exe, “Fix PC problems and optimize performance” by Software Marketing, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from download.schnellerpc.com.

Publisher:
Software Marketing Ltd   (signed by Software Marketing Ltd)

Product:
SchnellerPC

Description:
Fix PC problems and optimize performance

Version:
3.1

MD5:
40622d2611342d0cd68b294bff9a3d34

SHA-1:
6fd0f901266b35440285abe65e39f1342029b284

SHA-256:
e049f8ec01bf6524582bb6904f35c36e0c94752fb4ae85bbfa8fe1177321c5a1

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:57:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.SpeedingUpMyPC | 4.0.3.151211 |
| Comodo Security | UnclassifiedMalware | 17082 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| NANO AntiVirus | Trojan.Win32.SpeedingUpMyPC.bejvkf | 0.26.0.55366 |
| Reason Heuristics | PUP.SoftwareMarketing.Installer.Meta (L) | 15.12.11.19 |

File size:
2.6 MB (2,753,040 bytes)

Product version:
3.1

Copyright:
Software Marketing Ltd

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\schnellerpca.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/18/2012 9:52:28 PM

Valid to:
6/14/2013 2:59:41 AM

Subject:
CN=Software Marketing Ltd, O=Software Marketing Ltd, L=Hong Kong, S=HK, C=HK

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0810F8CE27C48A

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:JaEeOK7500rh/qSDskya+i9TKqmIqXqX6a19dyDf7uAaJ:AEet7J/noi9uqmIxXTCDuV

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file schnellerpca.exe has been seen being distributed by the following URL.
