Analyzing...

File Name: pcspeedup_f341ada4a2174f9480ae2e20c73d79a7_.exe

SHA1: ab84b151b723dd7bff31f5eb3f6bf3c7254adcc2

MD5: 65277274f8a42ad0111a2b9212d7a283

First Seen Date: 2016-01-15 16:14:15.828717 ( 2016-01-15 16:14:15.828717 )

Number of Clients Seen: 11

Last Analysis Date: 2017-01-09 11:21:47.638116 ( 2017-01-09 11:21:47.638116 )

Human Expert Analysis Date: 2016-01-18 23:22:30.475865 ( 2016-01-18 23:22:30.475865 )

Human Expert Analysis Result: PUA

Analysis Summary

Analysis Type	Date	Verdict
Signature Based Detection	2017-01-09 11:21:47.638116	Malware
Static Analysis Overall Verdict	2017-01-09 11:21:47.638116	Highly Suspicious
Dynamic Analysis Overall Verdict	2017-01-09 11:21:47.638116	No Threat Found
Human Expert Analysis Overall Verdict	2016-01-18 23:22:30.475865	PUA

Static Analysis

Static Analysis Overall Verdict	Result
Highly Suspicious

Detector	Result
Optional Header LoaderFlags field is valued illegal	Clean
Non-ascii or empty section names detected	Clean
Illegal size of optional Header	Clean
Packer detection on signature database	Unknown
Based on the sections entropy check! file is possibly packed	Clean
Timestamp value suspicious	Clean
Header Checksum is zero!	Clean
Enrty point is outside the 1st(.code) section! Binary is possibly packed	Suspicious
Optional Header NumberOfRvaAndSizes field is valued illegal	Clean
Anti-vm present	Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger	Clean
TLS callback functions array detected	Clean

Dynamic Analysis

Dynamic Analysis Overall Verdict	Result
No Threat Found

Suspicious Behaviors
Opens a file in a system directory
Modifies Windows Service Keys
Uses a function clandestinely

Behavioral Information

OpenMutex

Local\MSCTF.Asm.MutexDefault1

DefaultTabtip-MainUI

QueryFilePath

C:\Users\win7\AppData\Local\Temp\is-D087A.tmp\pcspeedup_f341ada4a2174f9480ae2e20c73d79a7_.tmp

C:\Windows\syswow64\MSCTF.dll

C:\Windows\syswow64\USER32.dll

LowerChar

cspeedup_f341ada4a2174f9480ae2e20c73d79a7_

ReadRegisteryKey

MS Shell Dlg 2

ProgramFilesDir

CommonFilesDir

RegisteredOwner

RegisteredOrganization

Default Impersonation Level

ProcessID

EnablePrivateObjectHeap

ContextLimit

ObjectLimit

IdentifierLimit

Disable

DataFilePath

Plane1

Plane2

Plane3

Plane4

Plane5

Plane6

Plane7

Plane8

Plane9

Plane10

Plane11

Plane12

Plane13

Plane14

Plane15

Plane16

CreateFile

C:\pcspeedup_f341ada4a2174f9480ae2e20c73d79a7_.exe

C:\Users\win7\AppData\Local\Temp\is-GA612.tmp\_isetup\_setup64.tmp

C:\Users\win7\AppData\Local\Temp\is-GA612.tmp\_isetup\_shfoldr.dll

C:\Windows\system32\wbem\wbemdisp.TLB

C:\Windows\system32\rsaenh.dll

C:\Windows\SysWOW64\stdole2.tlb

C:\Windows\Fonts\staticcache.dat

\\.\Nsi

C:\Users\win7\AppData\Local\Temp\is-GA612.tmp\responseData.txt

OpenRegisteryKey

Software\CodeGear\Locales

Software\Borland\Locales

Software\Borland\Delphi\Locales

SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

System\CurrentControlSet\Control\Keyboard Layouts\041F0409

System\CurrentControlSet\Control\Keyboard Layouts\04090409

Software\Microsoft\Windows\CurrentVersion

SOFTWARE\Microsoft\Windows NT\CurrentVersion

SOFTWARE\Speedchecker Limited\PC Speed Up

.DEFAULT\Software\Speedchecker Limited\PC Speed Up

S-1-5-19\Software\Speedchecker Limited\PC Speed Up

S-1-5-20\Software\Speedchecker Limited\PC Speed Up

S-1-5-21-3979321414-2393373014-2172761192-1000\Software\Speedchecker Limited\PC Speed Up

S-1-5-21-3979321414-2393373014-2172761192-1000_Classes\Software\Speedchecker Limited\PC Speed Up

S-1-5-18\Software\Speedchecker Limited\PC Speed Up

Software\Microsoft\Wbem\Scripting

Software\Microsoft\WBEM\CIMOM

SOFTWARE\Malwarebytes' Anti-Malware

Software\Speedchecker Limited\PC Speed Up

Software\Wow6432Node\Speedchecker Limited\PC Speed Up

Software\Optimal Software Ltd\WiFi Protector

SOFTWARE\Optimal Software Ltd\WiFi Protector

Software\Wow6432Node\Optimal Software Ltd\WiFi Protector

Software\Safe Download Ltd.\Registry Expert

SOFTWARE\Safe Download Ltd.\Registry Expert

Software\Wow6432Node\Safe Download Ltd.\Registry Expert

Software\PC Speed Up Extension

SOFTWARE\PC Speed Up Extension

Software\Wow6432Node\PC Speed Up Extension

Software\Wifi Protector Extension

SOFTWARE\Wifi Protector Extension

Software\Wow6432Node\Wifi Protector Extension

http\shell\open\command

Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall

Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall

SYSTEM\CurrentControlSet\services\tap0901

SYSTEM\CurrentControlSet\services\taphss

SYSTEM\CurrentControlSet\services\tapsf0901

SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink

SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0

SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback

Tahoma

MS Sans Serif

Verdana

Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Up_is1

CreateMutex

<NULL>

LoadLibrary

C:\Users\win7\AppData\Local\Temp\is-D087A.tmp\pcspeedup_f341ada4a2174f9480ae2e20c73d79a7_.ENU

C:\Users\win7\AppData\Local\Temp\is-D087A.tmp\pcspeedup_f341ada4a2174f9480ae2e20c73d79a7_.EN

imm32.dll

uxtheme.dll

shell32.dll

C:\Windows\system32\ole32.dll

C:\Windows\syswow64\MSCTF.dll

C:\Users\win7\AppData\Local\Temp\is-GA612.tmp\_isetup\_shfoldr.dll

shfolder.dll

ole32.dll

msvcrt.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

C:\Windows\system32\advapi32.dll

SXS.DLL

ADVAPI32.dll

OLEAUT32.dll

API-MS-Win-Security-LSALookup-L1-1-0.dll

CRYPTBASE.dll

comctl32.dll

C:\Windows\system32\imageres.dll

C:\Windows\system32\shell32.dll

UxTheme.dll

IMM32.dll

C:\Windows\system32\shlwapi.dll

SHLWAPI.dll

winhttp.dll

WS2_32.dll

kernel32.dll

SspiCli.dll

RPCRT4.dll

DNSAPI.dll

USER32.dll

OLEAUT32.DLL

Precise Detectors Analysis Results

No Detector Result Received

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Human Expert Analysis Results

Analysis Start Date: 2016-01-18 23:20:01.576517 ( 2016-01-18 23:20:01.576517 )

Analysis End Date: 2016-01-18 23:22:30.475865 ( 2016-01-18 23:22:30.475865 )

File Upload Date: 2016-01-18 18:29:51.346179 ( 2016-01-18 18:29:51.346179 )

Update Date: 2016-01-18 23:22:30.475871 ( 2016-01-18 23:22:30.475871 )

Human Expert Analyst Feedback: Download behavior

Verdict: PUA

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property	Value

File Paths

File Path on Client	Seen Count
ab84b151b723dd7bff31f5eb3f6bf3c7254adcc2	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5

PE Imports

PE Exports

PE Resources

Loading...