pc_169105.en_83.exe

PC Gizmos

The application pc_169105.en_83.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including 136528 by PC Gizmos LTD and Facebook Emoticons by PC Gizmos LTD. The file has been seen being downloaded from f51.x8top.net and multiple other hosts. While running, it connects to the Internet address 125.235.4.59.adsl.viettel.vn on port 80 using the HTTP protocol.
Publisher:
PC Gizmos

Product:
PC Gizmos

Version:
1.0.0.1

MD5:
f5df170e0800e50559ce44cc9e09f0fd

SHA-1:
f2334a0e1eda16c9a3779da63927287d8cc40bed

SHA-256:
42cfebf8a9fa6f089216e3aac94d7a6c366076b597d7c727a194e396a87e0db8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 12:24:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PCGizmos.Meta (M)

Engine version:
15.10.26.21

File size:
2.1 MB (2,153,472 bytes)

Product version:
1.0.0.1

Copyright:
PC Gizmos

Original file name:
PCGizmos.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\pc_169105.en_83.exe

File PE Metadata
Compilation timestamp:
10/18/2013 12:37:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:Q/0fSgR5dkOKJ3RRsZCIJBB0yI55y3eNUlTulT39PrU18lbheX9NKHQT+II4De6T:XfSgREpzsZCiBB0yI55y3eNUyT39PrZi

Entry address:
0x13B9FD

Entry point:
E8, 56, C0, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, 32, 5D, 00, 75, 02, F3, C3, E9, DD, C0, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, E4, 44, 57, 00, 57, FF, 35, 8C, D5, 5D, 00, FF, D6, FF, 35, 88, D5, 5D, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, E8, 9D, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 10, C2, 00, 00, 59, 59, 85...

Entropy:
6.4356

Code size:
1.4 MB (1,516,544 bytes)

The file pc_169105.en_83.exe has been discovered within the following programs.

136528 by PC Gizmos LTD
About 2% of users remove it

Facebook Emoticons by PC Gizmos LTD
Publisher's description - “Facebook Emoticons gives you many emoticons, smiley and icons. It is a simple add-on to your Facebook page. It adds a wide variety of emoticons, smileys and icons for you to choose from.”
www.pc-gizmos.com
47% remove it

PC Gizmos App by PC-Gizmos
Publisher's description - “It’s simply better. Gizmos are easier to install and automatically work on all supported browsers. Let’s say, for example, that you download a chrome add-on to block ads on YouTube. The add-on would block ads only on Google Chrome.”
65% remove it

YouTube Convertor by PC Gizmos LTD
46% remove it
Powered by Should I Remove It?

The file pc_169105.en_83.exe has been seen being distributed by the following 22 URLs.

http://f51.x8top.net/2107tmp/cf/ngv/2015/.../facebook-emoticons_272.exe

http://c236.x8top.net/2107tmp/cf/ngv/2015/.../facebook-emoticons_272.exe

http://f30.y8top.net/2107tmp/cf/ngv/2015/.../facebook-emoticons_272.exe

http://f51.y8top.net/2107tmp/cf/ngv/2015/.../facebook-emoticons_272.exe

&onid=2168&oid=3001-2168_4-75738300&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=mp3audio/streaming&topicbrcrm=&pid=13459773&mfgid=10209477&merid=10209477&ctype=dm&cval=SPIGOTWIN&devicetype=desktop&pguid=c72982dea5cdcfb067e6b27f&viewguid=aV4C9S0BIwz4dTmYBmN8tqk22DjOVsNUfbpo&destUrl=http://files.downloadnow.com/s/software/13/45/97/.../SoundcloudDLD-PC_136528.en_83.exe

http://a.tinhaythe.com/v2106xm/2014/.../soundcloud-downloader-3-0.exe

http://c236.y8top.net/2107tmp/cf/ngv/2015/.../facebook-emoticons_272.exe

&onid=2168&oid=3001-2168_4-75738300&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=mp3audio/streaming&topicbrcrm=&pid=13459773&mfgid=10209477&merid=10209477&ctype=dm&cval=NONE&devicetype=desktop&pguid=45a844dabe27f1915f63a043&viewguid=bGBNy5ImeNsFAgzqUgFGMIcZepBMeYXwO-Rr&destUrl=http://software-files-a.cnet.com/s/software/13/45/97/.../SoundcloudDLD-PC_136528.en_83.exe

&onid=2168&oid=3001-2168_4-75738300&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=mp3audio/streaming&topicbrcrm=windows software&pid=13459773&mfgid=10209477&merid=10209477&ctype=dm&cval=CBSI&devicetype=desktop&pguid=f8dcfa816951b5b2526f6a91&viewguid=RlLZXiJ5mUYiOG2OZtugolPKg2lGKhEaJnJr&destUrl=http://software-files-a.cnet.com/s/software/13/45/97/.../SoundcloudDLD-PC_136528.en_83.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.238.108:80)

TCP (HTTP):
Connects to cache.google.com  (109.226.50.45:80)

TCP (HTTP):
Connects to wg-in-f99.1e100.net  (173.194.78.99:80)

TCP (HTTP):
Connects to wg-in-f106.1e100.net  (173.194.78.106:80)

TCP (HTTP):
Connects to wb-in-f99.1e100.net  (74.125.132.99:80)

TCP (HTTP):
Connects to static.vdc.vn  (113.187.31.114:80)

TCP (HTTP):
Connects to mil02s06-in-f14.1e100.net  (173.194.40.14:80)

TCP (HTTP):
Connects to mil01s17-in-f6.1e100.net  (173.194.35.38:80)

TCP (HTTP):
Connects to hkg03s11-in-f16.1e100.net  (173.194.127.80:80)

TCP (HTTP):
Connects to hg-in-f99.1e100.net  (74.125.128.99:80)

TCP (HTTP):
Connects to fra07s32-in-f19.1e100.net  (173.194.112.179:80)

TCP (HTTP):
Connects to ec2-54-225-140-188.compute-1.amazonaws.com  (54.225.140.188:80)

TCP (HTTP):
Connects to ec2-50-17-200-221.compute-1.amazonaws.com  (50.17.200.221:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP):
Connects to 125.235.36.104.adsl.viettel.vn  (125.235.36.104:80)

Powered by Reason Core Security