k9pcp.exe

k9pcp

SUPER TUNEUP TECHNOLOGIES LLP

The application k9pcp.exe by SUPER TUNEUP TECHNOLOGIES LLP has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program K9-PC Protector by The Phone Support Pvt. Ltd., which is a potentially unwanted software program. While running, it connects to the Internet address https-178-79-242-0.fra.llnw.net on port 80 using the HTTP protocol.
Publisher:
K9Tools  (signed by SUPER TUNEUP TECHNOLOGIES LLP)

Product:
k9pcp

Description:
K9-PC Protector

Version:
1.0.0.19656

MD5:
175963fa9b0782244e0dda6a6ac2b9ed

SHA-1:
fd4c1485529479388410fcb4c8a197cdb222960a

SHA-256:
bdc284c2fa81d8707253e547b7b7ad7baa4695d6afdb5d520a7057e76102aee1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/20/2018 9:55:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SecurePCCleaner.SUPERTUN.Meta (M)

Engine version:
16.7.7.22

File size:
6.6 MB (6,905,328 bytes)

Product version:
1.0.0.19656

Copyright:
Copyright © 2015 K9Tools.com

Original file name:
k9pcp.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\k9-pc protector\k9pcp.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
11/25/2015 4:00:00 PM

Valid to:
12/25/2016 3:59:59 PM

Subject:
CN=SUPER TUNEUP TECHNOLOGIES LLP, O=SUPER TUNEUP TECHNOLOGIES LLP, L=Jaipur, S=Rajasthan, C=IN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
58FEBEB38F02A497B484D16ACC28799C

File PE Metadata
Compilation timestamp:
4/6/2016 6:07:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:jaI5OXcUs2GpVAGs8edltYnqD9a/Yc6Qzrb4Rd7hvjRQWSeJ:+eOsy8eyqZa/Yc6Qzre

Entry address:
0x68CD9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 68, 00...

Entropy:
6.6678

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.5 MB (6,860,288 bytes)

Scheduled Task
Task name:
K9-PC Protector_startup

Trigger:
Logon (Runs on logon)


The file k9pcp.exe has been discovered within the following program.

K9-PC Protector  by The Phone Support Pvt. Ltd.
K9-PC Protector is a branded version of Systweak software, a potentially unwanted 'PC optimization and registry cleaner' program.
www.k9tools.com
About 68% of users remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.


Remove k9pcp.exe - Powered by Reason Core Security