SHA256: 04b7ab2b5062d01ea640279cbc5d1977df32420a9962fb254acf3ea7948d2d7b
File name: ccsetup552.exe
Detection ratio: 1 / 67
Analysis date: 2019-01-18 15:52:08 UTC ( 2 months ago )
Antivirus Result Update
ESET-NOD32 Win32/Bundled.Toolbar.Google.D potentially unsafe 20190118
Acronis 20190118
Ad-Aware 20190118
AegisLab 20190118
AhnLab-V3 20190118
Alibaba 20180921
ALYac 20190118
Antiy-AVL 20190118
Arcabit 20190118
Avast 20190118
Avast-Mobile 20190118
AVG 20190118
Avira (no cloud) 20190118
Babable 20180918
Baidu 20190118
BitDefender 20190118
Bkav 20190118
CAT-QuickHeal 20190118
ClamAV 20190118
CMC 20190118
Comodo 20190118
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190118
Cyren 20190118
DrWeb 20190118
Emsisoft 20190118
Endgame 20181108
F-Prot 20190118
F-Secure 20190118
Fortinet 20190118
GData 20190118
Ikarus 20190118
Sophos ML 20181128
Jiangmin 20190118
K7AntiVirus 20190118
K7GW 20190118
Kaspersky 20190118
Kingsoft 20190118
Malwarebytes 20190118
MAX 20190118
McAfee 20190118
McAfee-GW-Edition 20190118
Microsoft 20190118
eScan 20190118
NANO-Antivirus 20190118
Palo Alto Networks (Known Signatures) 20190118
Panda 20190118
Qihoo-360 20190118
Rising 20190118
SentinelOne (Static ML) 20190118
Sophos AV 20190118
SUPERAntiSpyware 20190116
Symantec 20190118
TACHYON 20190118
Tencent 20190118
TheHacker 20190118
Trapmine 20190103
TrendMicro-HouseCall 20190118
Trustlook 20190118
VBA32 20190118
ViRobot 20190118
Webroot 20190118
Yandex 20190118
Zillya 20190118
ZoneAlarm by Check Point 20190118
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2005-2019 Piriform Software Ltd

Product CCleaner
File version 5.52.0.6967
Description CCleaner Installer
Signature verification Signed file, verified signature
Signing date 11:14 AM 1/10/2019
Signers
[+] Piriform Software Ltd
Status Valid
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 12:00 AM 09/19/2017
Valid to 12:00 PM 12/31/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 88E5F7801197938644E498A619E7C8A72F79CD6E
Serial number 05 23 40 9B 9F B5 C3 B8 C0 C4 63 A3 18 72 3F F9
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 PM 02/11/2011
Valid to 12:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT NSIS, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-29 21:34:49
Entry Point 0x00003A1C
Number of sections 5
PE sections
Overlays
MD5 0037985696e7e1349cba36aaaaca2879
File type data
Offset 78848
Size 19263032
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegEnumKeyW
SetFileSecurityW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
SetErrorMode
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
LoadLibraryExW
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
SetFilePointer
lstrcpyW
SetFileAttributesW
CreateThread
lstrcmpiA
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
lstrcpynA
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
LoadLibraryW
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
GetProcAddress
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
FillRect
SetWindowPos
SendMessageTimeoutW
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
RegisterClassW
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
CheckDlgButton
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
FindWindowExW
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 36
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 44
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
48128

ImageVersion
6.0

ProductName
CCleaner

FileVersionNumber
5.52.0.6967

UninitializedDataSize
16896

LanguageCode
Neutral

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.52.0.6967

TimeStamp
2015:12:29 22:34:49+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
CCleaner Installer

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2005-2019 Piriform Software Ltd

MachineType
Intel 386 or later, and compatibles

CompanyName
Piriform Software Ltd

CodeSize
29696

FileSubtype
0

ProductVersionNumber
5.52.0.6967

EntryPoint
0x3a1c

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
File identification
MD5 b62d4496cee15094ac4c82785dfa7a06
SHA1 cab1d85a3ffb4f255e7847c892587d160831b86f
SHA256 04b7ab2b5062d01ea640279cbc5d1977df32420a9962fb254acf3ea7948d2d7b
ssdeep
393216:Qk2qJuG/UoS8VErobuhiZBF+dON+b932vPxza/GDWJCfX:Qfq3/UzrYuqBF+dOKszlWIv

authentihash 0fba0acc64e846c4d65543a24c090a939824e39e58aea668569f2795305f5f40
imphash 377a97652fdf5740d8cc11d5ce124fed
File size 18.4 MB ( 19341880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (71.9%)
Win32 Executable (generic) (11.9%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.3%)
DOS Executable Generic (5.3%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2019-01-17 10:50:21 UTC ( 2 months ago )
Last submission 2019-03-16 15:40:25 UTC ( 1 week ago )
File names ccsetup552.exe
ccsetup552_Bundled.Toolbar.Google.D.exe
ccleaner-5-52-6967.exe
ccsetup5512.exe
ccleaner-5526967.exe
CCleaner_v5.52.6967.exe
CCSETUP552.EXE
ccleaner-5-52-6967 (1).exe
ccsetup552 (2).exe
ccsetup552 (4).exe
ccsetup552 (1).exe
CCleaner Free v5.52 Build 6967 rus.exe
CCleaner-setup_5.52.6967.exe
CCleanerSetup552.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications