pcupdaterapi.exe

Windows Setup API

Maximum Publishing LLC

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The application pcupdaterapi.exe, “Windows Setup API” by Maximum Publishing, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by Maximum Publishing LLC)

Product:
Microsoft® Windows® Operating System

Description:
Windows Setup API

Version:
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)

MD5:
1d70a9032d960a534a4cb005e6f47092

SHA-1:
994f5a99fc8f0873fa5d57c01d0d5abe49900b61

SHA-256:
386c731991bdc3166c2cc76ab9bafc72b1e51887ef9b5e1060351fa4b3d015ac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 4:44:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PCBugDoctor.Optional.Installer.Meta (L)

Engine version:
15.11.28.2

File size:
72.2 KB (73,952 bytes)

Product version:
5.2.3790.1830

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SETUPAPI.DLL

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pc updater\amd64\pcupdaterapi.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/25/2007 1:00:00 AM

Valid to:
9/25/2010 12:59:59 AM

Subject:
CN=Maximum Publishing LLC, OU=of Corperations, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Maximum Publishing LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30CE1714CDADA71FE0A22F352DFA0E3D

File PE Metadata
Compilation timestamp:
3/25/2005 12:42:19 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
1536:f6eEawgsMG3zfvaPAtT9zmEb3rlxHeWUZ:fzAzfvaQT9zmU3rlxHeWe

Entry address:
0x73D0

Entry point:
48, 83, EC, 58, 48, 89, 5C, 24, 70, 48, 89, 7C, 24, 78, 66, 81, 3D, 19, 8C, FF, FF, 4D, 5A, 74, 08, 33, DB, 89, 5C, 24, 60, EB, 7C, 48, 63, 05, 44, 8C, FF, FF, 48, 8D, 0D, 01, 8C, FF, FF, 48, 03, C1, 81, 38, 50, 45, 00, 00, 74, 08, 33, DB, 89, 5C, 24, 60, EB, 5B, 0F, B7, 48, 18, 81, F9, 0B, 01, 00, 00, 74, 32, 81, F9, 0B, 02, 00, 00, 74, 08, 33, DB, 89, 5C, 24, 60, EB, 3F, 83, B8, 84, 00, 00, 00, 0E, 77, 08, 33, DB, 89, 5C, 24, 60, EB, 2E, 33, DB, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89, 5C, 24, 60, EB, 1D...
 

Entropy:
5.2808

Code size:
31.5 KB (32,256 bytes)
