installpcstatus.exe

The executable installpcstatus.exe has been detected as malware by 11 anti-virus scanners.
MD5:
0da75c86279bf04b4f42f8d9ed0a518e

SHA-1:
42ed45cc9224e8da8f76ef61ee2644394f00c589

SHA-256:
2ab85867f7bfd7014fd8200d29cd68ee935ee9da3a4c9f952ad8602ef5021453

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/18/2024 10:13:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Spy.4513486 | 7.11.98.32 |
| Bitdefender | Gen:Variant.Graftor.2974 | 1.0.20.1365 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.2974 | 8.14.09.30.11 |
| G Data | Gen:Variant.Graftor.2974 | 14.9.22 |
| IKARUS anti.virus | Trojan.Win32.Spy2 | t3scan.2.0.127 |
| Kaspersky | not-a-virus:RemoteAdmin.Win32.WinVNC-based | 14.0.0.3170 |
| McAfee | Artemis!0DA75C86279B | 5600.6991 |
| MicroWorld eScan | Gen:Variant.Graftor.2974 | 15.0.0.819 |
| Panda Antivirus | Suspicious file | 14.09.30.11 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.30.23 |
| Trend Micro House Call | TROJ_GEN.RFFFH01GP13 | 7.2.273 |

File size:
4.3 MB (4,513,486 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installpcstatus.exe

File PE Metadata
Compilation timestamp:
6/27/2011 8:32:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:72/a/0J3tCiLPbUX03ynGgRXr80POINQEmzUdmDT2U9QmZVqM:72/c0J3tTbUXGglZ+z4gv22rZUM

Entry address:
0x2360

Entry point:
E8, 9A, 26, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E0, D0, 40, 00, 89, 0D, DC, D0, 40, 00, 89, 15, D8, D0, 40, 00, 89, 1D, D4, D0, 40, 00, 89, 35, D0, D0, 40, 00, 89, 3D, CC, D0, 40, 00, 66, 8C, 15, F8, D0, 40, 00, 66, 8C, 0D, EC, D0, 40, 00, 66, 8C, 1D, C8, D0, 40, 00, 66, 8C, 05, C4, D0, 40, 00, 66, 8C, 25, C0, D0, 40, 00, 66, 8C, 2D, BC, D0, 40, 00, 9C, 8F, 05, F0, D0, 40, 00, 8B, 45, 00, A3, E4, D0, 40, 00, 8B, 45, 04, A3, E8, D0, 40, 00, 8D, 45, 08, A3, F4, D0, 40...
Entropy:
7.9023  (probably packed)

Code size:
32 KB (32,768 bytes)