SHA256: cb21d46a3addd09f4fe553e7e9e5c7a5e141a9309c2cc7ca6ce1c61583dc6b8a
File name: malware2.exe
Detection ratio: 9 / 56
Analysis date: 2016-04-29 10:23:21 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AVware Trojan.Win32.Generic.pak!cobra 20160429
Baidu Win32.Trojan.WisdomEyes.151026.9950.9997 20160429
BitDefender Gen:Variant.Razy.44880 20160429
Bkav HW32.Packed.DE0C 20160429
McAfee-GW-Edition BehavesLike.Win32.Ransomware.dh 20160429
Qihoo-360 QVM20.1.Malware.Gen 20160429
Rising Malware.XPACK-HIE/Heur!1.9C48 20160429
Tencent Win32.Trojan.Raas.Auto 20160429
VIPRE Trojan.Win32.Generic.pak!cobra 20160429
Ad-Aware 20160429
AegisLab 20160429
AhnLab-V3 20160429
Alibaba 20160429
ALYac 20160429
Antiy-AVL 20160429
Arcabit 20160429
Avast 20160429
AVG 20160429
Avira (no cloud) 20160429
Baidu-International 20160429
CAT-QuickHeal 20160429
ClamAV 20160429
CMC 20160429
Comodo 20160429
Cyren 20160429
DrWeb 20160429
Emsisoft 20160429
ESET-NOD32 20160429
F-Prot 20160429
F-Secure 20160429
Fortinet 20160429
GData 20160429
Ikarus 20160429
Jiangmin 20160429
K7AntiVirus 20160429
K7GW 20160429
Kaspersky 20160429
Kingsoft 20160429
Malwarebytes 20160429
McAfee 20160429
Microsoft 20160429
eScan 20160429
NANO-Antivirus 20160429
nProtect 20160429
Panda 20160428
Sophos AV 20160429
SUPERAntiSpyware 20160429
Symantec 20160429
TheHacker 20160429
TrendMicro 20160429
TrendMicro-HouseCall 20160429
VBA32 20160429
ViRobot 20160429
Yandex 20160428
Zillya 20160429
Zoner 20160429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2015 Piriform Ltd
Product GCleaner
Original name gcleaner.exe
Internal name gcleaner
File version 5, 11, 00, 5408
Description GCleaner
Comments CCleaner
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-29 06:24:51
Entry Point 0x00007E4A
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegEnumKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
SetServiceStatus
RegOpenKeyExW
SetTokenInformation
RegOpenKeyW
QueryServiceStatusEx
GetTokenInformation
DuplicateTokenEx
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CreateServiceW
ChangeServiceConfigW
SetNamedSecurityInfoW
ReplaceFileA
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
lstrcmpW
GetLocalTime
GetProfileIntA
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
lstrcpyA
GetFullPathNameA
GetFileTime
FindResourceExA
GetShortPathNameA
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
CompareFileTime
SetFileAttributesA
GetOEMCP
LocalFree
MoveFileA
ResumeThread
RtlUnwind
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FindNextChangeNotification
GetStringTypeExA
SetLastError
GetProcAddress
GetUserDefaultUILanguage
LocalLock
SuspendThread
GetModuleFileNameW
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetThreadLocale
RaiseException
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
_lclose
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
IsProcessorFeaturePresent
GetFileInformationByHandle
GetSystemDirectoryA
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
GlobalAlloc
SearchPathA
SetEndOfFile
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
LoadLibraryExW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
GetUserDefaultLangID
FreeLibrary
GlobalSize
UnlockFile
SystemTimeToFileTime
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetCPInfo
GlobalLock
_lread
AddAtomW
GetProcessHeap
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
_lcreat
lstrcmpA
FindFirstFileExA
FindFirstFileA
GetCurrentThreadId
GetDiskFreeSpaceA
EnumResourceNamesA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
DuplicateHandle
WaitForMultipleObjects
RemoveDirectoryA
GetTimeZoneInformation
CreateFileW
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
GlobalGetAtomNameA
LocalUnlock
InterlockedIncrement
GetLastError
LocalReAlloc
DosDateTimeToFileTime
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LocalFileTimeToFileTime
IsDebuggerPresent
OpenWaitableTimerW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
OpenFile
CancelWaitableTimer
_lwrite
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetTempPathA
EnumResourceTypesA
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
SetStdHandle
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceW
OpenWaitableTimerA
Sleep
WriteConsoleW
GetFileAttributesExA
FindResourceA
ResetEvent
GetModuleInformation
GetModuleFileNameExW
SHGetSpecialFolderPathW
SHEmptyRecycleBinW
SHGetMalloc
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
TrackPopupMenuEx
GetMonitorInfoW
GetParent
PostQuitMessage
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
GetMessageW
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
LoadStringA
LoadCursorW
EnumChildWindows
MapWindowPoints
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
GetWindow
PostMessageW
CharUpperA
SetTimer
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
LoadStringW
SetWindowTextW
GetMenuItemInfoW
SetCursor
CallWindowProcW
MonitorFromWindow
ScreenToClient
GetClassNameW
CharNextW
LoadImageW
LoadIconA
InvalidateRect
GetKeyboardLayout
GetMenuItemCount
MonitorFromPoint
GetClientRect
GetWindowTextW
GetDesktopWindow
IsWindowUnicode
GetFocus
GetWindowLongW
SetForegroundWindow
DrawTextW
PtInRect
TranslateAcceleratorW
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
_exit
exit
_CIsin
__set_app_type
CoInitialize
Number of PE resources by type
RT_ICON 24
RT_BITMAP 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
Comments CCleaner
InitializedDataSize 237568
ImageVersion 9.0
FileSubtype 0
FileVersionNumber 5.11.0.5408
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription GCleaner
CharacterSet Unicode
LinkerVersion 9.0
EntryPoint 0x7e4a
OriginalFileName gcleaner.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2015 Piriform Ltd
FileVersion 5, 11, 00, 5408
TimeStamp 2016:04:29 07:24:51+01:00
FileType Win32 EXE
PEType PE32
InternalName gcleaner
ProductVersion 5, 11, 00, 5408
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Piriform Ltd
CodeSize 61952
ProductName GCleaner
ProductVersionNumber 5.11.0.5408
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 0608285eed579359e5649881169ca920
SHA1 70ecaffc2c1ad87be7f6bd9414dd30050244cc99
SHA256 cb21d46a3addd09f4fe553e7e9e5c7a5e141a9309c2cc7ca6ce1c61583dc6b8a
ssdeep 3072:BBkiqrfcP6lf4JE0oLEX1QDzBIW5u3w7O0sJStqQTS2aIaTwtiDJ/PjFvfl:EiqrfcP6CJEFw1QRIWlsfQ5+kidzF3
authentihash 58c675b3b475c0d485138a796d2dd1aeb2c21beba0a5de4b676c768cb7725a09
imphash a761745c18c06d243843adabc189b7c5
File size 221.5 KB ( 226816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-04-29 10:23:21 UTC ( 1 year, 6 months ago )
Last submission 2016-05-05 01:24:06 UTC ( 1 year, 6 months ago )
File names 0608285EED579359E5649881169CA920.BD3A3867
gcleaner.exe
gcleaner
localfile~
Sample.exe
hj1lsp
malware2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications