home

ccsetup321.exe

CCleaner

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with multiple programs including CCleaner. The file has been seen being downloaded from 10.31.32.37 and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
CCleaner

Description:
CCleaner Installer

Version:
2.0.0.0

MD5:
e17022079d0fdac6ea094b1e29d22b61

SHA-1:
432e95c9b13671b563fddeca6c408a763b4020f8

SHA-256:
298756a1679219eabdb04b7a3f5453414f988ed1d4e06f53d229a90f31f3ca0c

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 11:01:13 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Google
8.9418

File size:
3.7 MB (3,907,920 bytes)

Copyright:
Copyright © 2005-2012 Piriform Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ccsetup321.exe

Digital Signature
Signed by:
Piriform Ltd

Authority:
VeriSign, Inc.

Valid from:
7/6/2011 12:00:00 AM

Valid to:
8/22/2013 11:59:59 PM

Subject:
CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
741D340793306ACA84FAB3ABBB1567CE

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:CIMBUIzloMq7NbqXVZV0dKgWa9xOW99izpaE1Ze0bxI/h2sNQi1VA:CJBUkoM6MKAlaE7e0m/XNQi1VA

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file ccsetup321.exe has been discovered within the following programs.

µTorrent  by BitTorrent Inc.
µTorrent is a is a free, ad-supported, lighter-weight BitTorrent client designed to consume less resources then the full BitTorrent version.
www.utorrent.com
12% remove it
360Amigo System Speedup PRO  by 360Amigo
360Amigo System Speedup is a tool of Windows that works quickly in identifying the problem and fix it if there are some mistakes that result in slow system performance.
www.360amigo.com
56% remove it
CCleaner  by Piriform
CCleaner developed by Piriform, is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer.
www.piriform.com/ccleaner
3% remove it
Defraggler  by Piriform
Defraggler is a defragmentation utility which allows users to defragment individual files on their computer system. Defraggler can defragment individual files, groups of files (in a folder) or an entire disk partition, either by the user's command or automatically on a schedule.
www.piriform.com/defraggler
5% remove it
Download Accelerator Plus (DAP)  by SpeedBit Ltd.
Download Accelerator Plus (also referred to as DAP) is a download manager for Microsoft Windows. It uses multipart download to increase speeds, creating multiple connections of different file segments to speed up downloads.
redir.speedbit.com/redir.asp?ID=7064
22% remove it
QQ International  by Tencent Technology (Shenzhen) Company Limited
Publisher's description - “Video calls, voice messages, texting with heaps of fun emoticons. QQ makes sharing moments and memories much easier... The fun is always on with 100+ million online users at any time. QQ comes with a built-in translator for all your chats.”
www.tencent.com
5% remove it
Speccy  by Piriform
Speccy is a tool that allows the user to see information about hardware and software of the computer.
www.piriform.com/speccy
11% remove it
Xirrus Wi-Fi Inspector  by Xirrus
Publisher's description - “The Xirrus Wi-Fi Inspector is a powerful tool for managing and troubleshooting the Wi-Fi on a Windows XP SP2 or later, Vista, or 7 laptop. Built in tests enable you to characterize the integrity and performance of your Wi-Fi connection. ”
www.xirrus.com
9% remove it
 
Powered by Should I Remove It?

The file ccsetup321.exe has been seen being distributed by the following 15 URLs.

http://10.31.32.37/billing/.../ccsetup321.exe

http://27.54.171.236/download/SOFTWARE/.../ccsetup321.exe

https://doc-10-24-docs.googleusercontent.com/docs/securesc/f598u2cu9mmgfs4gio23crr0u8vr483c/jor9p045l58brqlpnt855mgtknhk5ka6/1461427200000/.../02910462914763639981/0B5BmSGWO8rNzS1J2ZmtySVoxUU0?e=download

http://filehippo.com/download/file/.../

http://fs31.filehippo.com/4823/.../ccsetup321.exe

http://fs11.filehippo.com/4036/.../ccsetup321.exe

http://fs33.filehippo.com/7498/.../ccsetup321.exe

http://downloads.pcworld.com/pub/new/utilities/.../ccsetup321.exe

http://fs31.filehippo.com/9347/.../ccsetup321.exe

http://fs40.filehippo.com/9467/.../ccsetup321.exe

http://fs33.filehippo.com/5502/.../ccsetup321.exe

http://download.piriform.com/ccsetup321.exe

http://fs13.filehippo.com/1832/.../ccsetup321.exe

http://software-files-a.cnet.com/s/software/12/65/45/.../ccsetup321.exe

http://www.filehippo.com/download/file/.../

Scan ccsetup321.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.