tctrzlhvxw.exe

software

The application tctrzlhvxw.exe has been detected as a potentially unwanted program by 42 anti-malware scanners. This file is typically installed with the program PCCpnApp by Undefined Malware, which is a potentially unwanted software program. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
software

Product:
software

Description:
a can

Version:
are and

MD5:
1ec6ef2b5975bc11c1ce81dd8434c957

SHA-1:
3a116feeb300e9067586eddd6982d17561e15725

SHA-256:
f984f329243ef36359f950b7d741f43629f15fb32dae0da760c354d5fe17d6d4

Scanner detections:
42 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 1:50:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.N | 925 |
| Agnitum Outpost | Win32.Sality.AA | 7.1.1 |
| AhnLab V3 Security | Win32/Sality.K | 2014.07.18 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| avast! | Win32:MultiPlug-BH [PUP] | 140617-1 |
| AVG | Adware Generic_r.QQ | 2014.0.3986 |
| Baidu Antivirus | Virus.Win32.Sality.$s | 4.0.3.14725 |
| Bitdefender | Win32.Sality.N | 1.0.20.1030 |
| Bkav FE | W32.SalityF.PE | 1.3.0.4959 |
| Clam AntiVirus | W32.Sality | 0.98/19185 |
| Comodo Security | MalCrypt.Indus! | 18880 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.0206 |
| Emsisoft Anti-Malware | Win32.Sality.N | 8.14.07.25.11 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AG application | 7.0.302.0 |
| Fortinet FortiGate | W32/Sality.AL | 7/25/2014 |
| F-Prot | W32/Sality.AI | v6.4.6.5.141 |
| F-Secure | Win32.Sality.N | 11.2014-25-07_6 |
| G Data | Win32.Sality | 14.7.24 |
| IKARUS anti.virus | P2P-Worm.Win32.Bacteraloh | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.180.12763 |
| Kaspersky | Virus.Win32.Sality | 14.0.0.3508 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.07.25.11 |
| McAfee | W32/Sality.ac | 5600.7059 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.317.0 |
| MicroWorld eScan | Win32.Sality.N | 15.0.0.618 |
| NANO AntiVirus | Virus.Win32.Sality.eqco | 0.28.2.60881 |
| Norman | Stration.EFZ | 11.20140725 |
| nProtect | Win32.Sality.N | 14.07.17.01 |
| Panda Antivirus | W32/Sality.Y | 14.07.25.11 |
| Qihoo 360 Security | Virus.Win32.Sality.F | 1.0.0.1015 |
| Quick Heal | W32.Sality.K | 7.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.25.11 |
| Rising Antivirus | PE:Win32.Sality.m!471630 | 23.00.65.14723 |
| Sophos | W32/Sality-AD | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10462 |
| Total Defense | Win32/Sality.S | 37.0.11065 |
| Trend Micro House Call | PE_SALITY.AL | 7.2.206 |
| Trend Micro | PE_SALITY.AL | 10.465.25 |
| Vba32 AntiVirus | Virus.Sality.309 | 3.12.26.3 |
| VIPRE Antivirus | Threat.204212 | 31208 |
| ViRobot | Win32.Sality.F | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Sality.Win32.3 | 2.0.0.1860 |

File size:
718 KB (735,232 bytes)

Product version:
software

Copyright:
Copyright (C) 2013

Original file name:
a can

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\perricechop\tctrzlhvxw.exe

File PE Metadata
Compilation timestamp:
7/25/2014 4:02:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:a8ZhzdKRcyd5vky9Lx3kW9Jiy9nvw8LhERfGShN97qe+cAu4EaI:rhzd8yyz194yJvZLUfGSd+cmI

Entry address:
0x37D58

Entry point:
E8, BD, 59, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, 18, 47, 00, E8, 92, 1B, 00, 00, E8, 6D, 30, 00, 00, 0F, B7, F0, 6A, 02, E8, 50, 59, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 31, 53, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
373 KB (381,952 bytes)

The file tctrzlhvxw.exe has been discovered within the following program.

PCCpnApp by Undefined Malware
PCCpnApp is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
optonthing.info
82% remove it