home

ccleaner-setup.exe

CCleaner

CPC NET ADVERTISING LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application ccleaner-setup.exe, “Setup Launcher Unicode ” by CPC NET ADVERTISING has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Piriform CCleaner but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Nom de votre société   (signed by CPC NET ADVERTISING LLC)

Product:
CCleaner

Description:
Setup Launcher Unicode

Version:
1.00

MD5:
9a27dedede19d27d9f4d4716deb97031

SHA-1:
6af9c0595c89e43249796ecaf5723ec65fe58354

SHA-256:
55f6b14beb4874b2a6c98a2addabc8138fd14750c088e0678cf49e74ee379caa

Scanner detections:
2 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 4:36:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.CPCNETADVERTISING.O
14.7.27.7

Trend Micro House Call
TROJ_GEN.F47V0602
7.2.208

File size:
9.1 MB (9,570,160 bytes)

Product version:
1.00

Copyright:
Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
French (France)

Common path:
C:\users\{user}\downloads\ccleaner-setup.exe

Digital Signature
Signed by:
CPC NET ADVERTISING LLC

Authority:
Thawte, Inc.

Valid from:
11/27/2012 1:00:00 AM

Valid to:
11/28/2013 12:59:59 AM

Subject:
CN=CPC NET ADVERTISING LLC, O=CPC NET ADVERTISING LLC, L=NEW CASTLE, S=DELAWARE, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6B567CAF2E519F1430E88B668E6CC8A1

File PE Metadata
Compilation timestamp:
9/22/2009 6:59:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:3BSZH3rcPBeqGvs0uFd/RWXgqMPRm+EAGKPirsDd8sRdayuTB:IZHbQqvsZHml+9WsG9TB

Entry address:
0x56683

Entry point:
55, 8B, EC, 6A, FF, 68, F8, 7E, 47, 00, 68, 60, 72, 45, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 7C, 61, 47, 00, 33, D2, 8A, D4, 89, 15, 30, 87, 49, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 2C, 87, 49, 00, C1, E1, 08, 03, CA, 89, 0D, 28, 87, 49, 00, C1, E8, 10, A3, 24, 87, 49, 00, 6A, 01, E8, 44, 3E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, D9, 1A, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
465.5 KB (476,672 bytes)

Remove ccleaner-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.