advancedpctweaker_setup.exe

Advanced PC Tweaker

Guangxi Nanning Qiwang Co. Ltd.

The application advancedpctweaker_setup.exe, “Advanced PC Tweaker Setup” by Guangxi Nanning Qiwang Co, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.advancedpctweaker.com and multiple other hosts.
Publisher:
AdvancedPCTweaker.com, Inc.   (signed by Guangxi Nanning Qiwang Co. Ltd.)

Product:
Advanced PC Tweaker

Description:
Advanced PC Tweaker Setup

Version:
4.2

MD5:
20ceb19eb16ca8190764a1c6a01e3023

SHA-1:
80cca990228b0234c57ac97de1dd74da1787a8cd

SHA-256:
29e56d9b9ff4f4f7ad820cc0987bcf3e673762efaa93f58ae483c36deebd2566

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:28:12 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-gen [Adw] | 2014.9-140203
Bkav FE | W32.Clod2f2.Trojan | 1.3.0.4613
Comodo Security | ApplicUnwnt | 17403
Dr.Web | WIN.WORM.Virus | 9.0.1.034
ESET NOD32 | Win32/Adware.RegistryEasy (variant) | 8.9145
NANO AntiVirus | Riskware.Win32.AdvPcTweak.cjetpu | 0.28.0.57029
Reason Heuristics | Adware.Installer.GuangxiNanningQiwangCo.X | 13.12.24.15
Rising Antivirus | PE:Trojan.Win32.Generic.136E364A!325989962 | 23.00.65.14201
Trend Micro House Call | TROJ_GEN.F47V0917 | 7.2.34

File size:
2.6 MB (2,713,544 bytes)

Product version:
4.2

Copyright:
Copyright (C) 2007-2012 AdvancedPCTweaker.com, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\advancedpctweaker_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/29/2011 3:00:00 AM

Valid to:
6/29/2014 2:59:59 AM

Subject:
CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
058EFD81CFC178B930CAA249710DE3B1

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:b2xS3yx3uFk9nZ6zTS1dteU15jFveswT/0eN8JbH2FOQ+6GWomudaTy0:y4yduFaeU/xr6/0eOb6GWomY4y0

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file advancedpctweaker_setup.exe has been seen being distributed by the following 3 URLs.
