SpeedyPC.exe

SpeedyPC Pro

SpeedyPC Software

This file is part of the SpeedyPC Pro software from ParetoLogic Inc (sometimes bundled through 3rd-party installers). The application SpeedyPC.exe by SpeedyPC Software has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The file is typically installed with the program SpeedyPC Pro by SpeedyPC Software, which is a potentially unwanted software program.
Publisher:
SpeedyPC Software  (signed and verified)

Product:
SpeedyPC Pro

Version:
3.3.16.0

MD5:
cb251eb2dab328dde16aac8d0bd01f2f

SHA-1:
706f192cfd2613657ce2ddcbab67ff6358f55d82

SHA-256:
1ac0ccf49b33355fbde0d84bc738215a61bc647522e47410159121b8f93c85a5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 7:01:05 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.9.7.19

File size:
5.6 MB (5,829,280 bytes)

Product version:
3.3.16.0

Copyright:
Copyright © 2016 SpeedyPC Software

Original file name:
SpeedyPC.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\speedypc software\speedypc\speedypc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/3/2014 3:04:19 PM

Valid to:
12/5/2016 10:45:05 AM

Subject:
E=itgroup@paretologic.com, CN=SpeedyPC Software, O=SpeedyPC Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213320B67151B12383D81306118BB25BA1

File PE Metadata
Compilation timestamp:
9/2/2016 3:14:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:A6Xm8p+uAsIxrmUwcgO+wD0DOqCRAxqJXU0XrnF12t37XQOIOSoUZhturt/8RKWw:A6kuXUwhwPAEZDIQOoZhtuZLl

Entry address:
0x34E936

Entry point:
E8, 70, 5C, 01, 00, E9, 7F, FE, FF, FF, 3B, 0D, C0, 35, 90, 00, 75, 02, F3, C3, E9, 09, 29, 00, 00, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 6D, 8B, 45, 08, 85, C0, 75, 13, E8, DC, 6E, 00, 00, 6A, 16, 5E, 89, 30, E8, A6, 64, 01, 00, 8B, C6, EB, 53, 57, 8B, 7D, 10, 85, FF, 74, 14, 39, 75, 0C, 72, 0F, 56, 57, 50, E8, 73, 81, 00, 00, 83, C4, 0C, 33, C0, EB, 36, FF, 75, 0C, 6A, 00, 50, E8, B1, 87, 00, 00, 83, C4, 0C, 85, FF, 75, 09, E8, 9B, 6E, 00, 00, 6A, 16, EB, 0C, 39, 75, 0C, 73, 13, E8, 8D...
 

Entropy:
6.6500

Code size:
4 MB (4,239,360 bytes)

Scheduled Task
Task name:
SpeedyPC Pro Startup

Trigger:
Logon (Runs on logon)

Description:
Runs SpeedyPC Pro at startup.


The file SpeedyPC.exe has been discovered within the following programs.

SpeedyPC Pro by SpeedyPC Software
SpeedyPC Pro is a registry cleaner utility whose purported purpose is to remove redundant items from the Windows registry. SpeedyPC Pro automates the process of looking for invalid entries, missing file references or broken links within the registry and resolving or removing them.
www.speedypc.com
81% remove it
 

The executing file has been seen to make the following network communications in live environments.

