DoctorPC.exe

Dragon Big Lab

The application DoctorPC.exe by Dragon Big Lab has been detected as a potentially unwanted program by 6 anti-malware scanners. This file is typically installed with the program Doctor PC by Dragon Big Lab which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address box1290.bluehost.com on port 80 using the HTTP protocol.
Publisher:
Doctor PC  (signed by Dragon Big Lab)

Product:
Doctor PC

Version:
2.6.7.0

MD5:
0d24f261a182fee68e5fbb4e79174a02

SHA-1:
d6c19fbc135a1e23f56ce787cf209e865173d0e8

SHA-256:
756b4ff8d5066fd79594c46d0bf38b29af9497708078b00275235da5ec899d98

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/26/2024 3:33:33 PM UTC

Scan engine / Detection / Engine version:

Baidu Antivirus: Adware.Win32.CrossAd (engine version 4.0.3.15115)
ESET NOD32: Win32/Toolbar.CrossRider.BM (variant) (engine version 9.11018)
Malwarebytes: PUP.Optional.DrPC.A (engine version v2015.01.15.04)
Reason Heuristics: PUP.Optional.DragonBigLab.I (engine version 15.1.15.16)
Trend Micro House Call: Suspicious_GEN.F47V0115 (engine version 7.2.15)
VIPRE Antivirus: Crossrider (engine version 36680)

File size:
4.8 MB (4,991,944 bytes)

Product version:
2.6.7.0

Copyright:
Copyright © 2014

Original file name:
DoctorPC.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\doctor pc\doctor pc 2.6.7\install\df088ba\doctorpc.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/18/2014 8:00:00 PM

Valid to:
8/19/2015 7:59:59 PM

Subject:
CN=Dragon Big Lab, O=Dragon Big Lab, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5C962D18EA9BECD72508C97E4F8FCD67

File PE Metadata
Compilation timestamp:
12/8/2014 5:29:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:GkkC0hHHhHHhHHHu9AFp8pJgrpQlg7pbJbku1TkaBq57BoO92DHK7SYxH+DB:GC9AFp8pJCpQlcBpq7bwK76d

Entry address:
0x4A9F5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.2132

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.7 MB (4,882,432 bytes)

The file DoctorPC.exe has been discovered within the following program.

Doctor PC  by Dragon Big Lab
About 57% of users remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to box1290.bluehost.com  (50.87.249.90:80)

Remove DoctorPC.exe - Powered by Reason Core Security