ccleaner_professional___business_edition_v4.06.exe

Tanja Matkovic

The application ccleaner_professional___business_edition_v4.06.exe by Tanja Matkovic has been detected as adware by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup, chosen according to the user's geographical location, including toolbars, extensions and coupon utilities.
Publisher:
Tanja Matkovic  (signed and verified)

MD5:
4861d35971e0c871f69fcdab896d7c85

SHA-1:
d2d41c3c73d874c4ac7e98a62bdb05d89439dbeb

SHA-256:
31174ab5701fb98b6e1cf5929a758d32ad98257f9e741ae2b2c770b91285fcce

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/26/2024 12:06:26 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Bundler.DefaultTab.1 | 896 |
| Avira AntiVirus | APPL/CoolMirage.Gen | 7.11.168.226 |
| avast! | Oneclick-H [PUP] | 140813-1 |
| Bitdefender | Gen:Application.Bundler.DefaultTab.1 | 1.0.20.1170 |
| Dr.Web | Adware.Yontoo.4 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.1ClickDownload.AR application | 7.0.302.0 |
| F-Secure | Gen:Application.Bundler.DefaultTab | 11.2014-22-08_6 |
| G Data | Gen:Application.Bundler.DefaultTab | 14.8.24 |
| Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.08.22.05 |
| McAfee | Adware-SweetIM | 5600.7030 |
| MicroWorld eScan | Gen:Application.Bundler.DefaultTab.1 | 15.0.0.702 |
| NANO AntiVirus | Riskware.Nsis.Downware.czyjkl | 0.28.2.61721 |
| Reason Heuristics | PUP.TanjaMatkovic.q | 14.8.21.12 |
| Sophos | 1 Click Downloader | 4.98 |
| VIPRE Antivirus | Threat.4786236 | 32210 |
| Zillya! Antivirus | Downloader.Adload.Win32.17446 | 2.0.0.1899 |

File size:
325.6 KB (333,376 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ccleaner_professional___business_edition_v4.06.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/30/2013 8:00:00 PM

Valid to:
5/1/2014 7:59:59 PM

Subject:
CN=Tanja Matkovic, OU=Individual Developer, O=No Organization Affiliation, L=Subotica, S=Subotica, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A3131F81D52E40A00F4396C56D649C5

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ysd771L1cONT9f/YExk96YriiMqjBGWKYecW2Yo1ySDEkNSMCSW:371eOnf/1x/7M1fKYecW7S13W

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.8524

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)