SHA256: f9fd8bd07fc09aad4c44263ef60a8c24d914fdb4c09ac1343f81c5e85125d264
Detection ratio: 0 / 68
Analysis date: 2018-03-05 22:03:02 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20180305
AegisLab 20180305
AhnLab-V3 20180305
Alibaba 20180305
ALYac 20180305
Antiy-AVL 20180305
Arcabit 20180305
Avast 20180305
Avast-Mobile 20180305
AVG 20180305
Avira (no cloud) 20180305
AVware 20180305
Baidu 20180305
BitDefender 20180305
Bkav 20180305
CAT-QuickHeal 20180305
ClamAV 20180305
CMC 20180305
Comodo 20180305
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180305
Cyren 20180305
DrWeb 20180305
eGambit 20180305
Emsisoft 20180305
Endgame 20180303
ESET-NOD32 20180305
F-Prot 20180305
F-Secure 20180305
Fortinet 20180305
GData 20180305
Ikarus 20180305
Sophos ML 20180121
Jiangmin 20180305
K7AntiVirus 20180305
K7GW 20180305
Kaspersky 20180305
Kingsoft 20180305
Malwarebytes 20180305
MAX 20180305
McAfee 20180305
McAfee-GW-Edition 20180305
Microsoft 20180305
eScan 20180305
NANO-Antivirus 20180305
nProtect 20180305
Palo Alto Networks (Known Signatures) 20180305
Panda 20180305
Qihoo-360 20180305
Rising 20180305
SentinelOne (Static ML) 20180225
Sophos AV 20180305
SUPERAntiSpyware 20180305
Symantec 20180305
Symantec Mobile Insight 20180220
Tencent 20180305
TheHacker 20180305
TotalDefense 20180305
TrendMicro 20180305
TrendMicro-HouseCall 20180305
Trustlook 20180305
VBA32 20180305
VIPRE 20180305
ViRobot 20180305
Webroot 20180305
WhiteArmor 20180223
Yandex 20180303
Zillya 20180305
ZoneAlarm by Check Point 20180305
Zoner 20180305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(C) 2017 Malwarebytes

Product AdwCleaner
Original name AdwCleaner.exe
Internal name AdwCleaner
File version 7.0.4.0
Description AdwCleaner
Signature verification Signed file, verified signature
Signing date 2:34 AM 10/28/2017
Signers
[+] Malwarebytes Corporation
Status Valid
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 7/21/2016
Valid to 1:00 PM 7/25/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 249BDA38A611CD746A132FA2AF995A2D3C941264
Serial number 04 4E 3B F5 89 76 88 0F FD 07 44 48 A8 F7 A0 58
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-28 01:34:20
Entry Point 0x0038B57D
Number of sections 6
PE sections
Overlays
MD5 a18d4a8d58c01bbfbbc69454a05d0c70
File type data
Offset 8246272
Size 15312
Entropy 7.19
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
ConvertSidToStringSidW
RegDeleteTreeW
RegCreateKeyW
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegOpenKeyExW
RegRestoreKeyW
DeleteService
CryptHashData
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
OpenProcessToken
RegGetValueW
RegEnumKeyW
RegDeleteKeyValueW
IsValidSid
SystemFunction036
LookupAccountNameW
CryptReleaseContext
GetUserNameW
EnumServicesStatusExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
RegEnumValueW
RegSetValueExW
FreeSid
CryptGetHashParam
OpenSCManagerW
QueryServiceStatusEx
RegDeleteKeyExW
RegSaveKeyW
EnumDependentServicesW
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_BeginDrag
ImageList_Destroy
ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageInfo
ImageList_Create
ImageList_Remove
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave
Ord(17)
Ord(16)
ImageList_Add
ImageList_GetIcon
ImageList_Replace
ImageList_Copy
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
ImageList_EndDrag
PrintDlgW
GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
CommDlgExtendedError
PageSetupDlgW
CertFreeCertificateContext
CryptBinaryToStringW
CertGetNameStringW
CryptVerifyMessageSignature
GetCharABCWidthsW
GetTextMetricsW
SetMapMode
GetPaletteEntries
CombineRgn
GetObjectType
SetLayout
SetPixel
SetWorldTransform
DeleteObject
CreatePalette
EqualRgn
CreateDIBitmap
GetDIBits
ExtCreateRegion
StretchBlt
StretchDIBits
Pie
SetWindowExtEx
Arc
ExtCreatePen
SetBkColor
GetBkColor
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
GetClipBox
CreateRectRgnIndirect
GetEnhMetaFileW
GetPixel
GetLayout
ExcludeClipRect
SetBkMode
RectInRegion
PtInRegion
GetRegionData
BitBlt
CreateEnhMetaFileW
SetAbortProc
SelectPalette
GetOutlineTextMetricsW
ExtSelectClipRgn
CloseEnhMetaFile
SetROP2
EndPage
GetNearestPaletteIndex
PolyPolygon
SetViewportExtEx
SetGraphicsMode
CreatePen
SetStretchBltMode
Rectangle
GetDeviceCaps
LineTo
DeleteDC
EndDoc
CreateFontIndirectW
GetWorldTransform
StartPage
GetObjectW
CreateDCW
RealizePalette
CreateHatchBrush
CreatePatternBrush
OffsetRgn
ExtTextOutW
CreateBitmap
GetStockObject
PlayEnhMetaFile
GdiFlush
SelectClipRgn
RoundRect
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
Polygon
GetRgnBox
CreateICW
MaskBlt
ModifyWorldTransform
GetTextExtentExPointW
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
CreateCompatibleDC
PolyBezier
SetBrushOrgEx
CreateRectRgn
SelectObject
SetPolyFillMode
CreateCompatibleBitmap
CreateSolidBrush
Polyline
StartDocW
Ellipse
SetThreadLocale
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
EncodePointer
SetConsoleCursorPosition
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
FindFirstFileExW
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetDiskFreeSpaceW
GetTempPathW
MoveFileA
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
CreateEventW
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
GetPrivateProfileSectionNamesW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
VirtualLock
GetSystemTime
InitializeCriticalSection
CopyFileW
LoadResource
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
FlushViewOfFile
LoadLibraryA
VerSetConditionMask
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
GetPrivateProfileStringW
FormatMessageA
SetFilePointer
SetFileAttributesW
LockFileEx
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
Wow64DisableWow64FsRedirection
GetExitCodeThread
SetUnhandledExceptionFilter
GetCurrentProcess
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
GetUserDefaultLocaleName
DecodePointer
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
UnlockFileEx
VirtualProtect
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetACP
FreeLibrary
GlobalSize
UnlockFile
GetWindowsDirectoryW
GetFileSize
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetConsoleScreenBufferInfo
GetProcessHeap
GetTempFileNameW
GetComputerNameW
EnumResourceNamesW
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
InterlockedIncrement
HeapValidate
FreeConsole
CreateFileMappingA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GlobalLock
CreateFileMappingW
GetTimeZoneInformation
CreateFileW
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
HeapReAlloc
GetTimeFormatW
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStringsW
GlobalUnlock
QueryPerformanceFrequency
LockFile
lstrlenW
Process32NextW
VirtualFree
HeapCompact
WaitForSingleObjectEx
SwitchToThread
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
ReadConsoleW
MapViewOfFile
TlsFree
GetModuleHandleA
VirtualUnlock
ReadFile
CloseHandle
ReadConsoleOutputCharacterA
VerifyVersionInfoW
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
IsBadStringPtrA
InitializeCriticalSectionEx
VirtualAlloc
AlphaBlend
GradientFill
VarBstrFromCy
SysFreeString
SysStringLen
VariantClear
SysAllocString
RpcStringFreeW
UuidToStringW
SHGetFolderPathW
DragFinish
DragQueryFileW
DragAcceptFiles
SHFileOperationW
ShellExecuteW
DragQueryPoint
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ExtractIconW
PathIsRelativeW
StrTrimW
Ord(487)
PathAddBackslashW
PathCanonicalizeW
SHAutoComplete
RedrawWindow
GetMessagePos
SetWindowRgn
UnregisterHotKey
LoadBitmapW
MoveWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
DrawStateW
SetWindowPos
DdeDisconnect
IsWindow
EndPaint
DdePostAdvise
WindowFromPoint
DdeCreateStringHandleW
GetMessageTime
VkKeyScanW
SetMenuItemInfoW
GetMenuItemID
GetCursorPos
ChildWindowFromPointEx
SendMessageW
UnregisterClassW
GetClassInfoW
DdeInitializeW
DefWindowProcW
DrawTextW
LoadImageW
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
GetClientRect
DdeQueryStringW
GetActiveWindow
ShowCursor
GetUpdateRgn
DdeCreateDataHandle
GetWindowTextW
ChangeDisplaySettingsExW
GetWindowTextLengthW
MsgWaitForMultipleObjects
ScrollWindow
PtInRect
DrawEdge
RegisterHotKey
GetParent
UpdateWindow
EnumWindows
GetMessageW
ShowWindow
SetMenuInfo
DrawFrameControl
EnumDisplayMonitors
ValidateRgn
PeekMessageW
InsertMenuItemW
CharUpperW
GetClipboardFormatNameW
EnumDisplaySettingsW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetIconInfo
SetParent
RegisterClassW
CharLowerA
IsZoomed
GetWindowPlacement
SetWindowLongW
DrawMenuBar
EnableMenuItem
GetSubMenu
CreateMenu
DdeClientTransaction
IsDialogMessageW
EnableWindow
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
GetDialogBaseUnits
DdeConnect
CreateWindowExW
GetWindowLongW
DestroyWindow
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
SetFocus
DdeFreeStringHandle
keybd_event
KillTimer
MapVirtualKeyW
GetComboBoxInfo
CheckMenuRadioItem
GetSystemMetrics
IsIconic
DdeGetData
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
CreateIconIndirect
PostMessageW
CreateDialogParamW
CreatePopupMenu
CheckMenuItem
DrawFocusRect
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
BringWindowToTop
GetSystemMenu
ClientToScreen
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
FillRect
SetForegroundWindow
ExitWindowsEx
GetMenuItemInfoW
GetAsyncKeyState
CreateDialogIndirectParamW
ReleaseDC
SetLayeredWindowAttributes
GetScrollInfo
HideCaret
CopyRect
GetCapture
ScreenToClient
MessageBeep
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
DdeUninitialize
FlashWindowEx
SetMenu
SetRectEmpty
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
DispatchMessageW
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
GetProcessDefaultLayout
GetDoubleClickTime
DestroyIcon
IsWindowVisible
GetDesktopWindow
DdeNameService
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
InvalidateRect
AnimateWindow
CallWindowProcW
GetClassNameW
ModifyMenuW
ValidateRect
IsRectEmpty
GetFocus
wsprintfW
DdeGetLastError
SetCursor
UnhookWindowsHookEx
TranslateAcceleratorW
GetProfilesDirectoryW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
DocumentPropertiesW
ClosePrinter
OpenPrinterW
WinVerifyTrust
ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
CoInitializeEx
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoLockObjectExternal
ReleaseStgMedium
CoCreateGuid
RegisterDragDrop
CoCreateInstance
CoInitializeSecurity
DoDragDrop
RevokeDragDrop
OleSetClipboard
OleGetClipboard
OleFlushClipboard
CoTaskMemFree
OleIsCurrentClipboard
CoSetProxyBlanket
CoTaskMemAlloc
Number of PE resources by type
MOFILE 29
RT_ICON 6
BINARY 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Malwarebytes

SubsystemVersion
6.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.4.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
AdwCleaner

CharacterSet
Unicode

InitializedDataSize
3857408

EntryPoint
0x38b57d

OriginalFileName
AdwCleaner.exe

MIMEType
application/octet-stream

LegalCopyright
(C) 2017 Malwarebytes

FileVersion
7.0.4.0

TimeStamp
2017:10:28 02:34:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AdwCleaner

ProductVersion
7.0.4.0

UninitializedDataSize
0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Malwarebytes

CodeSize
4615680

ProductName
AdwCleaner

ProductVersionNumber
7.0.4.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 a90df75d527eb7b804a5ffa53450ab88
SHA1 c866ccce25d8166fd524ba1cd390fe0874a5c538
SHA256 f9fd8bd07fc09aad4c44263ef60a8c24d914fdb4c09ac1343f81c5e85125d264
ssdeep
196608:84rcdT4CNzu8dVaTeOZ2uvumYDE+9moOgUQ6xPQssfdobF0:8Kcu8dVaTigSISKslYF0

authentihash 6924287b6c7e7c247b852fb11458fa8edd2747752a6d513f51049173b7e9e1c0
imphash 16694789796c61f9da6862576c07ff38
File size 7.9 MB ( 8261584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (91.7%)
Win32 Executable (generic) (3.5%)
OS/2 Executable (generic) (1.5%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-10-28 01:47:10 UTC ( 5 months, 4 weeks ago )
Last submission 2018-04-21 21:41:26 UTC ( 2 days, 7 hours ago )
File names adwcleaner.exe
adwcleaner_7-0-4-0_fr_430277.exe
adwcleaner_7.0.4.0.exe
adwcleaner-www.kurulumyap.com.exe
adwcleaner_7.0.4.0.exe
adwcleaner.exe
adwcleaner_7.0.4.0.exe
adwcleaner-7-0-4-0.exe
adwcleaner_7.0.4.0.exe
adwcleaner-7-0-4-0 (2).exe
AdwCleaner.exe
adwcleaner.7.0.4.0.exe
adwcleaner_7.0.4.0.exe
f9fd8bd07fc09aad_adwcleaner.exe
adwcleaner_7.0.4.0.exe
adwcleaner_7.0.4.0.exe
adwcleaner_7.0.4.0.exe
ADW CLEANER.exe
Malwarebytes AdwCleaner 7.0.4.0.exe
adwcleaner-7-0-4-0.exe
adwcleaner_7.0.4.0_2.exe
adwcleaner_7.0.4.0 (1).exe
adwcleaner_7.0.4.0.exe
adwcleaner_7.0.4.0.exe
adwcleaner.7.0.4.0_Softgozar.com.exe