pc.exe

PCAcceleratePro & Instant support

Installer Technology Co.

The executable pc.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.pcaccel.com and multiple other hosts. While running, it connects to the Internet address 172-245-127-102-host.colocrossing.com on port 80 using the HTTP protocol.
Publisher:
Installer Technology (signed by Installer Technology Co.)

Product:
PCAcceleratePro & Instant support

Version:
1.0.29.7

MD5:
ed75dab9aa8f29693410d745ac1cd5ba

SHA-1:
2a0148708df02d5e6c1ce30a308ea5ed0d277731

SHA-256:
2091ac43dfcb0c6a9cb8e2ad2bfc3db2ef5471e3237cafb920df85d97eb86e16

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 6:01:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.16.9

File size:
13.7 MB (14,343,480 bytes)

Product version:
1.0.29.7

Copyright:
Copyright Installer Technology 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\pc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/27/2016 5:00:00 PM

Valid to:
9/28/2017 4:59:59 PM

Subject:
CN=Installer Technology Co., O=Installer Technology Co., STREET=407 lincoln road, L=miami beach, S=florida, PostalCode=33139, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1B58BBA81BB22C023967D6D579B294FC

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9948

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pc.exe has been seen being distributed by the following 5 URLs.

https://download.pcaccel.com/getfile.php?f=pcinst&aff=1234

https://download.pcaccel.com/getfile.php?f=pcinst&aff=1235

http://download.pcaccel.com/getfile.php?f=pcinst&aff=1120

http://download.pcaccel.com/getfile.php?f=pcinst&aff=106

http://download.pcaccel.com/getfile.php?f=pcinst&aff=1023

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 172-245-127-102-host.colocrossing.com (172.245.127.102:80)
