home

premiumpcsetup_off.exe

premiumpc installer

Akorea

The application premiumpcsetup_off.exe by Akorea has been detected as adware by 31 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Akorea  (signed and verified)

Product:
premiumpc installer

Version:
1, 0, 0, 1

MD5:
eee7c9d1a53dfed481f58d1120759b40

SHA-1:
0376fe3c07fdea6db9fcf0e8b2759508d85bb099

SHA-256:
1af4ce72950e0a1529df5d5c79d1964553b626199b6a8bee6c09f2277f16de62

Scanner detections:
31 / 68

Status:
Adware

Analysis date:
4/27/2024 1:05:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.129002
802

AhnLab V3 Security
PUP/Win32.PowerBoan
2014.06.18

Avira AntiVirus
TR/Graftor.53956.20
7.11.155.70

avast!
Win32:Adware-AZQ [Adw]
2014.9-141125

AVG
Generic33
2015.0.3280

Bitdefender
Gen:Variant.Adware.Graftor.129002
1.0.20.1645

Dr.Web
Trojan.Fakealert.38440
9.0.1.0329

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.129002
8.14.11.25.01

ESET NOD32
Win32/Adware.IScan (variant)
8.9959

Fortinet FortiGate
W32/Onescan.D!tr
11/25/2014

F-Prot
W32/FakeAlert.UA.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.129002
11.2014-25-11_3

G Data
Gen:Variant.Adware.Graftor.129002
14.11.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.1712436

Kaspersky
Trojan-FakeAV.Win32.Onescan
14.0.0.2895

Malwarebytes
Rogue.PremiumPC
v2014.11.25.01

McAfee
FakeAlert-PZ
5600.6936

MicroWorld eScan
Gen:Variant.Adware.Graftor.129002
15.0.0.987

NANO AntiVirus
Trojan.Win32.FakeAV.brtipc
0.28.0.60253

Norman
Krypt.DI
11.20141125

Panda Antivirus
Trj/CI.A
14.11.25.01

Qihoo 360 Security
HEUR/Malware.QVM11.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.Akorea.S
14.11.25.1

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-FraudScan
10217

Trend Micro House Call
TROJ_FAKEAL.LCJ
7.2.329

Trend Micro
TROJ_FAKEAL.LCJ
10.465.25

Vba32 AntiVirus
TrojanFakeAV.Onescan
3.12.26.0

ViRobot
Adware.Agent.206352.A
2011.4.7.4223

Zillya! Antivirus
Adware.IScan.Win32.187
2.0.0.1828

File size:
201.5 KB (206,352 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2013 AKorea All rights reserved.

Original file name:
premiumpcsetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\temp\premiumpcsetup_off.exe

Digital Signature
Signed by:
Akorea

Authority:
Thawte, Inc.

Valid from:
5/5/2012 9:00:00 AM

Valid to:
7/5/2013 8:59:59 AM

Subject:
CN=Akorea, O=Akorea, L=Haeundae-gu, S=BUSAN, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2FAE031CEAF57B56615A3998DEB1D1FD

File PE Metadata
Compilation timestamp:
5/23/2013 11:37:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:kzzItgUIxeMzRlU6dJu2o2XT9LlLeUNHeWVDOvCb1PCb8cGxHESJMpc9A/:kzQGnlUoECXREUTVDpbRCbRGxklv/

Entry address:
0x243610

Entry point:
60, BE, 00, 50, 61, 00, 8D, BE, 00, C0, DE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8565

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
188 KB (192,512 bytes)

Remove premiumpcsetup_off.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.