SHA256: 121160b049c3f509080bb3fb67a113fd0019213327ef4c677dbfa66a23eb3367
File name: adwcleaner.exe
Detection ratio: 0 / 65
Analysis date: 2017-09-12 00:10:02 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20170912
AegisLab 20170911
AhnLab-V3 20170911
Alibaba 20170911
ALYac 20170912
Antiy-AVL 20170912
Arcabit 20170911
Avast 20170912
AVG 20170912
Avira (no cloud) 20170911
AVware 20170912
Baidu 20170911
BitDefender 20170911
Bkav 20170911
CAT-QuickHeal 20170911
ClamAV 20170912
CMC 20170902
Comodo 20170911
CrowdStrike Falcon (ML) 20170804
Cylance 20170912
Cyren 20170911
DrWeb 20170911
Emsisoft 20170911
Endgame 20170821
ESET-NOD32 20170911
F-Prot 20170911
F-Secure 20170911
Fortinet 20170911
GData 20170911
Ikarus 20170911
Sophos ML 20170822
Jiangmin 20170911
K7AntiVirus 20170911
K7GW 20170911
Kaspersky 20170912
Kingsoft 20170912
Malwarebytes 20170911
MAX 20170912
McAfee 20170911
McAfee-GW-Edition 20170911
Microsoft 20170911
eScan 20170911
NANO-Antivirus 20170911
nProtect 20170911
Palo Alto Networks (Known Signatures) 20170912
Panda 20170911
Qihoo-360 20170912
Rising 20170911
SentinelOne (Static ML) 20170806
Sophos AV 20170911
SUPERAntiSpyware 20170912
Symantec 20170911
Symantec Mobile Insight 20170911
Tencent 20170912
TheHacker 20170911
TotalDefense 20170911
TrendMicro 20170911
TrendMicro-HouseCall 20170912
Trustlook 20170912
VBA32 20170911
VIPRE 20170911
ViRobot 20170911
Webroot 20170912
WhiteArmor 20170829
Yandex 20170908
Zillya 20170911
ZoneAlarm by Check Point 20170912
Zoner 20170911
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(C) 2017 Malwarebytes

Product AdwCleaner
Original name AdwCleaner.exe
Internal name AdwCleaner
File version 7.0.2.0
Description AdwCleaner
Signature verification Signed file, verified signature
Signing date 3:22 AM 8/5/2017
Signers
[+] Malwarebytes Corporation
Status Valid
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 7/21/2016
Valid to 1:00 PM 7/25/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 249BDA38A611CD746A132FA2AF995A2D3C941264
Serial number 04 4E 3B F5 89 76 88 0F FD 07 44 48 A8 F7 A0 58
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-05 02:21:49
Entry Point 0x003803CD
Number of sections 6
PE sections
Overlays
MD5 98ba5409e839b35dbd0a92531b562d90
File type data
Offset 8172032
Size 15304
Entropy 7.19
PE imports
Number of PE resources by type
MOFILE 29
RT_ICON 6
BINARY 1
RT_MANIFEST 1
RT_RCDATA 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 41
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Malwarebytes

SubsystemVersion
6.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.2.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
AdwCleaner

CharacterSet
Unicode

InitializedDataSize
3831296

EntryPoint
0x3803cd

OriginalFileName
AdwCleaner.exe

MIMEType
application/octet-stream

LegalCopyright
(C) 2017 Malwarebytes

FileVersion
7.0.2.0

TimeStamp
2017:08:05 03:21:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AdwCleaner

ProductVersion
7.0.2.0

UninitializedDataSize
0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Malwarebytes

CodeSize
4567552

ProductName
AdwCleaner

ProductVersionNumber
7.0.2.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ce116e89dfb4b0df2a4128b0f8470e36
SHA1 48ef253313269bc4b17a905b6532346915715e21
SHA256 121160b049c3f509080bb3fb67a113fd0019213327ef4c677dbfa66a23eb3367
ssdeep
196608:r6vDhPeAU7SDWa7/KP3sM5nJVg/jWjG2FsshF:r6v8gDWa7/jOJVDwshF

authentihash bdc3dd42d9b5e5e5de2a8518fc828cc4e773907631b813d4f24b0f84af60b9eb
imphash 756259221cad0e6cbdbe036e8d9fd8a1
File size 7.8 MB ( 8187336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (93.1%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-08-05 03:01:30 UTC ( 5 months, 2 weeks ago )
Last submission 2017-12-11 12:24:20 UTC ( 1 month, 1 week ago )
File names adwcleaner.exe
adwcleaner_7.0.2.0.exe
AdwCleaner
AdwCleaner.exe
AdwCleaner_7.0.2.0.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications