SHA256: 29e261b1bc20231df371c5718d9619c2445cb31260609e6a4787395b1382d883
File name: CleanSweep
Detection ratio: 57 / 65
Analysis date: 2017-08-29 04:50:33 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.187456 20170829
AegisLab Troj.Spy.W32.SpyEyes.e!c 20170829
AhnLab-V3 Trojan/Win32.SpyEye.R1709 20170829
ALYac Gen:Variant.Razy.187456 20170828
Antiy-AVL Trojan/Win32.Unknown 20170829
Arcabit Trojan.Razy.D2DC40 20170829
Avast Win32:Downloader-NTU [PUP] 20170829
AVG Win32:Downloader-NTU [PUP] 20170829
Avira (no cloud) TR/Crypt.ZPACK.Gen 20170828
AVware Trojan.Win32.Generic.pak!cobra 20170829
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9968 20170828
BitDefender Gen:Variant.Razy.187456 20170829
Bkav W32.CleanSweapA.Fam.Trojan 20170829
ClamAV Win.Trojan.Agent-948339 20170829
Comodo TrojWare.Win32.TrojanSpy.SpyEyes.~A 20170829
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170804
Cylance Unsafe 20170829
Cyren W32/SpyEyes.A.gen!Eldorado 20170829
DrWeb Trojan.PWS.SpySweep.2 20170829
Emsisoft Gen:Variant.Razy.187456 (B) 20170829
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Spy.SpyEye.B 20170829
F-Prot W32/SpyEyes.A.gen!Eldorado 20170829
F-Secure Gen:Variant.Razy.187456 20170829
Fortinet W32/SpyEyes.CF!tr.spy 20170829
GData Win32.Trojan.Spyeye.D 20170829
Ikarus Trojan-Spy.Win32.SpyEyes 20170828
Sophos ML heuristic 20170822
Jiangmin Trojan/Pincav.dfa 20170829
K7AntiVirus Backdoor ( 04c52ae51 ) 20170828
K7GW Backdoor ( 04c52ae51 ) 20170828
Kaspersky HEUR:Trojan.Win32.Generic 20170829
Malwarebytes Trojan.Agent 20170829
MAX malware (ai score=83) 20170829
McAfee BackDoor-Spyeye 20170826
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.ch 20170828
Microsoft Trojan:Win32/EyeStye 20170829
eScan Gen:Variant.Razy.187456 20170829
NANO-Antivirus Trojan.Win32.SpyEyes.ronn 20170829
Panda Trj/Genetic.gen 20170828
Qihoo-360 HEUR/Malware.QVM20.Gen 20170829
Rising Trojan.Generic (cloud:JfLiKcBjrnS) 20170829
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Spyeye-A 20170829
SUPERAntiSpyware Trojan.Agent/Gen-SpyKey 20170829
Symantec Trojan.Spyeye 20170828
Tencent Win32.Trojan.Generic.Lnoj 20170829
TheHacker Trojan/Spy.SpyEyes.e 20170828
TotalDefense Win32/Spyeye.B!ISIgeneric 20170828
TrendMicro TSPY_SPYEYE.SM 20170829
TrendMicro-HouseCall TSPY_SPYEYE.SM 20170829
VBA32 BScope.Trojan-Dropper.Injector 20170828
VIPRE Trojan.Win32.Generic.pak!cobra 20170829
Webroot W32.Trojan.Trojan-Backdoor-SpyE 20170829
Yandex Trojan.Agent!BIbscwrkoGY 20170828
Zillya Trojan.SpyEyes.Win32.2 20170828
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170829
Alibaba 20170829
CAT-QuickHeal 20170828
CMC 20170828
Kingsoft 20170829
nProtect 20170829
Palo Alto Networks (Known Signatures) 20170829
Symantec Mobile Insight 20170829
Trustlook 20170829
ViRobot 20170828
WhiteArmor 20170829
Zoner 20170829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2006 Microsoft Corporation. All rights reserved.

Product 2007 Microsoft CleanSweep system
Original name cleansweep.exe
Internal name CleanSweep
File version 1, 1, 3, 14
Description Microsoft CleanSweep
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-09 17:12:34
Entry Point 0x00001A91
Number of sections 5
PE sections
PE imports
lstrcmpiA
strstr
memset
wcscpy
wcscat
strcpy
_strlwr
strlen
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation.

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.3.14

LanguageCode
Unknown (0009)

FileFlagsMask
0x0017

FileDescription
Microsoft CleanSweep

CharacterSet
Unicode

InitializedDataSize
120320

EntryPoint
0x1a91

OriginalFileName
cleansweep.exe

MIMEType
application/octet-stream

LegalCopyright
2006 Microsoft Corporation. All rights reserved.

FileVersion
1, 1, 3, 14

TimeStamp
2010:02:09 18:12:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CleanSweep

ProductVersion
2, 0, 1, 14

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
9728

ProductName
2007 Microsoft CleanSweep system

ProductVersionNumber
2.0.1.14

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3da127c898d0df2c15165e4af8f61d5c
SHA1 c9d77cb4b92a606122e8c19a801c0a0af66f0696
SHA256 29e261b1bc20231df371c5718d9619c2445cb31260609e6a4787395b1382d883
ssdeep
1536:dMycXDdQRR/UvucNpSfnG5rNCunRIWvgx9nyoZdihAIpf/8qT6QU1yg:kzdMR/UvucnS+ucRIWvgnVy16n1d

authentihash e301f0aaaabfeec3f8517b89c6f2981f6ae5541b317ce4e2da645dc3052f6542
imphash c0249a6a0570c835b3a4e210b910a600
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2010-02-11 23:28:20 UTC ( 8 years, 6 months ago )
Last submission 2014-06-09 14:50:25 UTC ( 4 years, 2 months ago )
File names Vu7E9Ro9yR.dot
SpyEyes.exe
zZfU0Qh_.dwg
aa
CleanSweep
424603
spyeye_exe
cleansweep.exe
bt_getexe.php-H1fxTq
c9d77cb4b92a606122e8c19a801c0a0af66f0696
bt_getexe.ph
2C89E38300F8618A00DC02E8181CA60003949A21.tmp
3DA127C898D0DF2C15165E4AF8F61D5C
3da127c898d0df2c15165e4af8f61d5c
3da127c898d0df2c15165e4af8f61d5c.
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
