SHA256: cbffcf639d8e7824f545c81f5615060a391996e9d731db14e64f1f5fda050ec7
File name: malware.exe
Detection ratio: 4 / 56
Analysis date: 2016-05-03 08:06:39 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Bkav HW32.Packed.275A 20160429
McAfee-GW-Edition BehavesLike.Win32.Ransom.dh 20160502
Qihoo-360 QVM20.1.Malware.Gen 20160503
Rising Malware.XPACK-HIE/Heur!1.9C48 20160503
Ad-Aware 20160503
AegisLab 20160502
AhnLab-V3 20160502
Alibaba 20160503
ALYac 20160503
Antiy-AVL 20160503
Arcabit 20160503
Avast 20160503
AVG 20160503
Avira (no cloud) 20160503
AVware 20160503
Baidu 20160429
Baidu-International 20160503
BitDefender 20160503
CAT-QuickHeal 20160503
ClamAV 20160502
CMC 20160429
Comodo 20160503
Cyren 20160502
DrWeb 20160503
Emsisoft 20160503
ESET-NOD32 20160503
F-Prot 20160502
F-Secure 20160503
Fortinet 20160503
GData 20160503
Ikarus 20160503
Jiangmin 20160503
K7AntiVirus 20160502
K7GW 20160503
Kaspersky 20160503
Kingsoft 20160503
Malwarebytes 20160503
McAfee 20160503
Microsoft 20160503
eScan 20160503
NANO-Antivirus 20160503
nProtect 20160502
Panda 20160502
Sophos 20160503
SUPERAntiSpyware 20160503
Symantec 20160503
Tencent 20160503
TheHacker 20160502
TrendMicro 20160503
TrendMicro-HouseCall 20160503
VBA32 20160502
VIPRE 20160503
ViRobot 20160503
Yandex 20160502
Zillya 20160502
Zoner 20160503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005-2015 Piriform Ltd

Product HCleaner
Original name hcleaner.exe
Internal name hcleaner
File version 5, 11, 00, 5408
Description HCleaner
Comments CCleaner
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-03 05:25:28
Entry Point 0x00007895
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegEnumKeyW
DeleteService
RegQueryValueExW
GetNamedSecurityInfoW
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
SetTokenInformation
RegOpenKeyW
RegisterServiceCtrlHandlerExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
BuildExplicitAccessWithNameW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfigW
SetNamedSecurityInfoW
ReplaceFileA
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetDriveTypeA
lstrcmpW
GetLocalTime
DeleteCriticalSection
HeapReAlloc
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
GetFileInformationByHandle
HeapSize
SetStdHandle
GetFileTime
FindResourceExA
GetCPInfo
GetProcAddress
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
EnumResourceLanguagesA
LoadLibraryW
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
LocalLock
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
RemoveDirectoryA
RaiseException
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
_lclose
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
GlobalFindAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetCurrentProcess
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetPriorityClass
GlobalAddAtomA
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
OpenWaitableTimerW
GlobalSize
UnlockFile
DosDateTimeToFileTime
GetFileSize
LCMapStringW
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetFullPathNameA
GlobalLock
_lread
GetProcessHeap
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
FindFirstFileExA
FindFirstFileA
lstrcpyA
EnumResourceNamesA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
DuplicateHandle
SearchPathA
WaitForMultipleObjects
SuspendThread
GetModuleFileNameA
GetTimeZoneInformation
CreateFileW
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
LeaveCriticalSection
GetLastError
IsValidCodePage
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
OpenFile
CancelWaitableTimer
_lwrite
SizeofResource
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCurrentDirectoryA
GetShortPathNameA
GetCommandLineA
GetCurrentThread
GetTempPathA
EnumResourceTypesA
_lcreat
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
AddAtomA
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
CreateProcessA
WideCharToMultiByte
GetCurrentDirectoryW
HeapCreate
FindResourceW
OpenWaitableTimerA
Sleep
FindNextChangeNotification
GetFileAttributesExA
FindResourceA
ResetEvent
GetModuleInformation
GetModuleFileNameExW
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
SHGetMalloc
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetForegroundWindow
GetParent
LoadIconA
GetMessageW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
LoadStringA
IsWindowUnicode
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
GetWindow
PostMessageW
CharUpperA
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
PtInRect
LoadStringW
GetClientRect
GetMenuItemInfoW
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
CharNextW
InvalidateRect
SetTimer
CallWindowProcW
GetClassNameW
GetKeyboardLayout
GetMenuItemCount
MonitorFromPoint
SetWindowTextW
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
GetWindowLongW
SetForegroundWindow
TranslateAcceleratorW
TrackPopupMenuEx
SetCursor
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
_exit
_CIsin
__set_app_type
CoInitialize
Number of PE resources by type
RT_ICON 24
RT_BITMAP 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

Comments
CCleaner

LinkerVersion
9.0

ImageVersion
9.0

FileSubtype
0

FileVersionNumber
5.11.0.5408

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
HCleaner

CharacterSet
Unicode

InitializedDataSize
229376

EntryPoint
0x7895

OriginalFileName
hcleaner.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2005-2015 Piriform Ltd

FileVersion
5, 11, 00, 5408

TimeStamp
2016:05:03 06:25:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
hcleaner

ProductVersion
5, 11, 00, 5408

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Piriform Ltd

CodeSize
61952

ProductName
HCleaner

ProductVersionNumber
5.11.0.5408

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 1c2180abd771b92cdeb615d058f1486f
SHA1 fe443d71f269c3b151ede3a7780c153382d94c1b
SHA256 cbffcf639d8e7824f545c81f5615060a391996e9d731db14e64f1f5fda050ec7
ssdeep
3072:/xPB6OJJoEnInahXhqfkKvL4317Sw8W7+zzEkLzg3RDbzzgdG6saoxSO+Oazlk3x:JAmsnahxqfFEFtGLkyLsaowllkrCj

authentihash 81b8001c97b9c625d6ea109a2bafd5fa51f3306968b6d09519c87182dac48a12
imphash bacb7a309a91ee92cfec7e92715ba206
File size 213.0 KB ( 218112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-05-03 08:06:39 UTC ( 1 year, 1 month ago )
Last submission 2016-09-27 16:02:28 UTC ( 9 months ago )
File names hcleaner.exe
malware.exe
1c2180abd771b92cdeb615d058f1486f
lware.exe
hcleaner
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications