SHA256: 57ea9e1705eaf581e97c34238f2e04f6a3c0ea0b6f06ec985e2231e802107e04
File name: CLEANUP.EXE
Detection ratio: 1 / 68
Analysis date: 2018-08-10 12:29:06 UTC ( 5 days, 15 hours ago )
Antivirus Result Update
Cylance Unsafe 20180810
Ad-Aware 20180810
AegisLab 20180810
AhnLab-V3 20180810
Alibaba 20180713
ALYac 20180810
Antiy-AVL 20180810
Arcabit 20180810
Avast 20180810
Avast-Mobile 20180810
AVG 20180810
Avira (no cloud) 20180810
AVware 20180810
Babable 20180725
Baidu 20180810
BitDefender 20180810
Bkav 20180810
CAT-QuickHeal 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180810
DrWeb 20180810
eGambit 20180810
Emsisoft 20180810
Endgame 20180730
ESET-NOD32 20180810
F-Prot 20180810
F-Secure 20180810
Fortinet 20180810
GData 20180810
Sophos ML 20180717
Jiangmin 20180810
K7AntiVirus 20180810
K7GW 20180810
Kaspersky 20180810
Kingsoft 20180810
Malwarebytes 20180810
MAX 20180810
McAfee 20180810
McAfee-GW-Edition 20180810
Microsoft 20180810
eScan 20180810
NANO-Antivirus 20180810
Palo Alto Networks (Known Signatures) 20180810
Panda 20180810
Qihoo-360 20180810
Rising 20180810
SentinelOne (Static ML) 20180701
Sophos AV 20180810
SUPERAntiSpyware 20180810
Symantec 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
Tencent 20180810
TheHacker 20180807
TotalDefense 20180810
TrendMicro 20180810
TrendMicro-HouseCall 20180810
Trustlook 20180810
VBA32 20180810
VIPRE 20180810
ViRobot 20180810
Webroot 20180810
Yandex 20180810
Zillya 20180809
ZoneAlarm by Check Point 20180810
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2002

Product adi CleanUp
Original name CleanUp.exe
Internal name CleanUp
File version 1, 0, 0, 2
Description CleanUp
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-04-17 19:05:31
Entry Point 0x000017D0
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
HeapFree
GetStdHandle
LCMapStringW
ReadFile
SetHandleCount
GetOEMCP
LCMapStringA
CopyFileA
HeapAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
SetFilePointer
GetCPInfo
GetStringTypeA
GetModuleHandleA
FindFirstFileA
WriteFile
GetCurrentProcess
CloseHandle
FindNextFileA
GetACP
GetStringTypeW
TerminateProcess
WideCharToMultiByte
HeapCreate
VirtualFree
FindClose
HeapDestroy
GetFileType
SetEndOfFile
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
24576

ImageVersion
0.0

ProductName
adi CleanUp

FileVersionNumber
1.0.0.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
CleanUp.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 2

TimeStamp
2002:04:17 20:05:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CleanUp

ProductVersion
1, 0, 0, 2

FileDescription
CleanUp

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2002

MachineType
Intel 386 or later, and compatibles

CompanyName
adi

CodeSize
20480

FileSubtype
0

ProductVersionNumber
1.0.0.2

EntryPoint
0x17d0

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 c78a0d9e0fac64810cef67908eb0d695
SHA1 069130e4542c787039102bbb6f894e5c1d790524
SHA256 57ea9e1705eaf581e97c34238f2e04f6a3c0ea0b6f06ec985e2231e802107e04
ssdeep
384:frVVa9TipDQUejhCPz0YSbGuf/PF+2iyct1fjicXWT625N1evqF4Ku2C:Tw9+mSuXm/GNnY84Ko

authentihash fd86f74ab782bbbd5218dfaffc864388052d7238f546981e424d4a5934d4d373
imphash 817e5aec0800bfc81ecb76d83d703b2a
File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe installshield

VirusTotal metadata
First submission 2008-01-12 22:15:55 UTC ( 10 years, 7 months ago )
Last submission 2018-08-15 14:50:47 UTC ( 13 hours, 17 minutes ago )
File names cleanup.exe
CleanUp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight