PC Performer

Kategorie: Adware und PUAs Schutz verfügbar seit:10 Feb 2012 02:09:29 (GMT)
Typ: Unspecified PUA Zuletzt aktualisiert:23 Jun 2016 22:46:34 (GMT)

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

Examples of PC Performer include:

Example 1

File Information

Size
7.4M
SHA-1
83385c7518d52688d2aad94dc50e18b097b319d4
MD5
fcc40b95e7ac2cb6e5a4d5337cf86dbd
CRC-32
7c114cfb
File type
Windows executable
First seen
2012-02-08

Example 2

File Information

Size
3.4M
SHA-1
a75f9c795833f6bf3e9727a50d8058ed7d041049
MD5
d273713f5fd180b527bc1369a4d2d353
CRC-32
78dd427e
File type
Windows executable
First seen
2011-11-25

Runtime Analysis

Dropped Files
  • C:\Program Files\PC Performer\CleanSchedule.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\PC Performer\Register PC Performer.lnk
    Size
    763
    SHA-1
    dcb9fa105f49282e57482567de641fd01aab9493
    MD5
    997c7ce700db42015e6dff044acc7e66
    CRC-32
    4eb64b07
    File type
    Windows Shortcut file (.LNK)
    First seen
    2015-07-01
  • C:\Documents and Settings\All Users\Start Menu\Programs\PC Performer\PC Performer.lnk
    Size
    737
    SHA-1
    ffc427093eaef5edebb31426105dec12ebae0ded
    MD5
    0d07cf0cd3869e56eba0b5379585e183
    CRC-32
    5b4ea0cd
    File type
    Windows Shortcut file (.LNK)
    First seen
    2015-07-01
  • C:\Documents and Settings\All Users\Start Menu\Programs\PC Performer\Uninstall PC Performer.lnk
    Size
    722
    SHA-1
    39b57beed04ec57468472e42e3b2339dd85aaa7c
    MD5
    24fea30b86c508c5304256b5b241f596
    CRC-32
    d085d101
    File type
    Windows Shortcut file (.LNK)
    First seen
    2015-07-01
  • C:\WINDOWS\Tasks\PC Performer_DEFAULT.job
    Size
    268
    SHA-1
    d6c8b966e939c6210d2d937743cf57d2527cff5a
    MD5
    f04f6b148c04e8db6372df6db4e63d92
    CRC-32
    4d8cab57
    File type
    .JOB File Format
    First seen
    2015-07-01
  • C:\Program Files\PC Performer\Italian_rcp.ini
  • C:\Program Files\PC Performer\korean_rcp_ko.ini
  • C:\Program Files\PC Performer\install_left_image.bmp
  • C:\Program Files\PC Performer\polish_rcp_pl.ini
  • C:\Program Files\PC Performer\xmllite.dll
  • C:\Program Files\PC Performer\German_rcp.ini
  • C:\Program Files\PC Performer\unins000.exe
  • C:\Program Files\PC Performer\Beforeuninstall.exe
  • C:\WINDOWS\Tasks\PC Performer_UPDATES.job
    Size
    276
    SHA-1
    7da618a958476407f1fe1a9a95ec30bc1304c708
    MD5
    cf56a50ce5392137ead0bf999322b30a
    CRC-32
    82d7cc63
    File type
    .JOB File Format
    First seen
    2015-07-01
  • C:\Program Files\PC Performer\Spanish_rcp.ini
  • C:\Program Files\PC Performer\Danish_rcp.ini
  • C:\Program Files\PC Performer\Portuguese_rcp.ini
  • C:\Program Files\PC Performer\russian_rcp_ru.ini
  • c:\Documents and Settings\test user\Application Data\PerformerSoft\PC Performer\eng_rcp.dat
  • C:\Program Files\PC Performer\Chinese_rcp.ini
  • C:\Program Files\PC Performer\eng_rcp.ini
  • C:\Program Files\PC Performer\unins000.msg
  • C:\Program Files\PC Performer\Dutch_rcp.ini
  • C:\Documents and Settings\All Users\Desktop\PC Performer.lnk
    Size
    725
    SHA-1
    f08039a116b40b4c77f7ea31fff4d01d5c29d114
    MD5
    3c270c05b680bc373412cdfed219e0c4
    CRC-32
    1334495f
    File type
    Windows Shortcut file (.LNK)
    First seen
    2015-07-01
  • C:\Program Files\PC Performer\Finnish_rcp_fi.ini
  • C:\Program Files\PC Performer\Swedish_rcp.ini
  • C:\Program Files\PC Performer\PCPerformer.dll
  • C:\Program Files\PC Performer\French_rcp.ini
  • C:\Program Files\PC Performer\Norwegian_rcp.ini
  • C:\Program Files\PC Performer\TraditionalCn_rcp_zh-tw.ini
  • C:\WINDOWS\system32\roboot.exe
  • C:\Program Files\PC Performer\greek_rcp_el.ini
  • C:\Program Files\PC Performer\Japanese_rcp.ini
  • C:\Program Files\PC Performer\portugese_rcp_pt.ini
  • c:\Documents and Settings\test user\Application Data\PerformerSoft\PC Performer\log_07-01-2015.log
  • C:\Program Files\PC Performer\unins000.dat
    Size
    37K
    SHA-1
    267348ad1c6cf9aa2eb8d45d74ee2b0886233be9
    MD5
    2265b9ef5fb8363dc7d40c4726d2bc12
    CRC-32
    a42b6ca8
    File type
    Unspecified binary - probably data
    First seen
    2015-07-01
  • C:\Program Files\PC Performer\PCPerformer.exe
    Size
    7.4M
    SHA-1
    83385c7518d52688d2aad94dc50e18b097b319d4
    MD5
    fcc40b95e7ac2cb6e5a4d5337cf86dbd
    CRC-32
    7c114cfb
    File type
    Windows executable
    First seen
    2012-02-08
  • C:\Program Files\PC Performer\turkish_rcp_tr.ini
  • C:\Program Files\PC Performer\isxdl.dll
Registry Keys Created
  • HKCR\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}\VersionIndependentProgID
    (Default)
    SpnMdrWrdBrk.SpnMdrWrdBrk
  • HKCR\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}\InprocServer32
    ThreadingModel
    Free
  • HKCU\Software\PerformerSoft\PC Performer\LANG
    LangID
    0x00000000
  • HKLM\SOFTWARE\PerformerSoft
    MachineID
  • HKLM\SOFTWARE\PerformerSoft\PC Performer\LANG
    LangID
    0x00000000
  • HKCU\Software\PerformerSoft\PC Performer
    FirstRun
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1
    MinorVersion
    0x0000000a
  • HKCR\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    (Default)
    SpnMdrWrdBrk Class
  • HKLM\SOFTWARE\PerformerSoft\PC Performer
    Expired
    0x00000000
  • HKCU\Software\PerformerSoft
    MachineID
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    RDReminder
    C:\Program Files\PC Performer\PCPerformer.exe -rem
  • HKCR\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}\ProgID
    (Default)
    SpnMdrWrdBrk.SpnMdrWrdBrk.1
  • HKCU\Software\Licenses
    {0B278E36AA51C7412}
    V>□□□□□□□p□□□□□0□□ □□@□□ /□ f□□□□□□□□□□□□□p□□ =□□□□□=□□□□`d□□□□□F□□□□□d□□□□`R□□□□□□□□*□□f□□1□□□□□□□ y□p□□0-□0□□□□□□]□□□□@□□□□□□□□□□□□y□p=□□□□□]□□□□ □□□□□□□□□□□□□□`□□ 6□P~□p□□□z□pu□`□□□□□□□□0□□@A□□□□□5□`□□□i□`□□□
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    Start
    0x00000002
Processes Created
  • c:\docume~1\support\locals~1\temp\is-lapvt.tmp\sample.tmp
  • c:\program files\pc performer\pcperformer.exe
HTTP Requests
  • http://www.performersoft.com/pcperformer/thankyou.php
DNS Requests
  • www.performersoft.com

Example 3

File Information

Size
97K
SHA-1
b912b1b3f35c7c562d766ef6dd361b436bbf33a0
MD5
7261666957b6724b8bb5d76d8d0e76bd
CRC-32
c8e969ac
File type
Windows executable
First seen
2014-06-25

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\PCP_100_v3_Installium\Hash_HMAC.dll
Registry Keys Created
  • HKLM\SOFTWARE\PerformerSoft\PC Performer
    UNINSTALL_URL
    http://performersoft.com/pcperformer/afteruninstall.php?cid=4776
HTTP Requests
  • http://www.appkama.com/files/products/PCPerformerSetup_genericv3.exe
  • http://www.appkama.com/service/country.php
  • http://www.performersoft.com/speedtest/index.php
DNS Requests
  • api.ibario.com
  • www.appkama.com
  • www.performersoft.com

Download Sophos Produkte kostenlos testen
Jetzt downloaden