advancedpctweaker_setup.exe

Advanced PC Tweaker

Guangxi Nanning Qiwang Co. Ltd.

The application advancedpctweaker_setup.exe, “Advanced PC Tweaker Setup” by Guangxi Nanning Qiwang Co, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from evidesmart.regfast.hop.clickbank.net and multiple other hosts.
Publisher:
AdvancedPCTweaker.com, Inc. (signed by Guangxi Nanning Qiwang Co. Ltd.)

Product:
Advanced PC Tweaker

Description:
Advanced PC Tweaker Setup

Version:
4.2

MD5:
8146536f990edc0885f5cd538ae928f7

SHA-1:
ff21d3749e8216acede8ed31b2e5775e183e10df

SHA-256:
bbf5a1eb73da2187579cd0bd3158c4a53be226f3ca15a7ecae76dc795281df21

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:07:16 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Adware-gen [Adw] | 2014.9-140301 |
| Bkav FE | W32.Clod2f2.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt | 17403 |
| Dr.Web | WIN.WORM.Virus | 9.0.1.0343 |
| ESET NOD32 | Win32/Adware.RegistryEasy (variant) | 7.9145 |
| NANO AntiVirus | Riskware.Win32.AdvPcTweak.cjetpu | 0.28.0.57029 |
| Reason Heuristics | PUP.Installer.GuangxiNanningQiwangCo.X | 14.3.1.4 |
| Rising Antivirus | PE:Trojan.Win32.Generic.136E364A!325989962 | 23.00.65.14227 |
| Trend Micro House Call | TROJ_GEN.F47V0917 | 7.2.343 |

File size:
2.6 MB (2,713,696 bytes)

Product version:
4.2

Copyright:
Copyright (C) 2007-2012 AdvancedPCTweaker.com, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\advancedpctweaker_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/28/2011 7:00:00 PM

Valid to:
6/28/2014 6:59:59 PM

Subject:
CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
058EFD81CFC178B930CAA249710DE3B1

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:B2xZXl87bXWi7LM0cc4M/byxkHhYms/8mT2I0LhocgTA5/JE9daTy0:EXXWXGmI0ce/L/Q8mT2I0LhH5/Sz4y0

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 

Entropy:
7.9887

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file advancedpctweaker_setup.exe has been seen being distributed by the following 7 URLs.
