» PCSpeedCleanPROSetup.exe
Overview
Analysis
File Details

PCSpeedCleanPROSetup.exe

PC Speed Clean PRO

Downloadius S.a.r.l

The application PCSpeedCleanPROSetup.exe, “This installer database contains the logic and data required to install PC Speed Clean PRO.” by Downloadius S.a.r.l has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder.

File name:

Publisher:

Downloadius S.a.r.l (signed and verified)

Product:

PC Speed Clean PRO

Description:

This installer database contains the logic and data required to install PC Speed Clean PRO.

Version:

2.5.4

MD5:

f69b048f1b40ff8b6a2437dd130107c1

SHA-1:

acb16724da0a0cd682b804628e7543c4e7867d5a

SHA-256:

c6a6ef8a58d3e299677b02622a086975ca969d1d45d6e9fd596539c4f6c6a51e

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 4:20:21 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Downloadius.Installer (M)

16.7.2.6

File size:

5.4 MB (5,686,144 bytes)

Product version:

2.5.4

Original file name:

PCSpeedCleanPROSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pcspeedcleanprosetup.exe

Digital Signature

Signed by:

Downloadius S.a.r.l

Authority:

COMODO CA Limited

Valid from:

7/25/2013 8:00:00 PM

Valid to:

7/25/2016 7:59:59 PM

Subject:

CN=Downloadius S.a.r.l, O=Downloadius S.a.r.l, STREET="7, Avenue Gaston Diderich", L=Luxembourg, S=Luxembourg, PostalCode=L-1420, C=LU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

516E4C889E15D413F8CD7F3121095139

File PE Metadata

Compilation timestamp:

6/17/2014 10:05:48 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:maDlJ3b3GPzDmY82D5gP+uuVlVvU1gdR4IItGc+D9uwPfcX9DKVImDUe39Fa/Hl/:LDQSY8e5gBklVJdR4II6DIAfcND4U22F

Entry address:

0xC831C

Entry point:

E8, 41, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5D, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C5, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 39, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A1, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0A, 4E, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77... 
[+]

Entropy:

7.7316 (probably packed)

Code size:

1020.5 KB (1,044,992 bytes)

Remove PCSpeedCleanPROSetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.