» ccsetup_513.exe
Overview
Analysis
File Details
Programs (1)
Downloads (306)

ccsetup_513.exe

CCleaner

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from fs31.filehippo.com and multiple other hosts.

File name:

ccsetup_513.exe

Publisher:

Piriform Ltd (signed and verified)

Product:

CCleaner

Description:

CCleaner Installer

Version:

2.0.0.0

MD5:

ecfe1c2b2e07596e78c39637f5303e25

SHA-1:

c98f041f2e590541bf58a4318e92c0617427a6ce

SHA-256:

1370f1ec63698b4c788929a15e2fe48f517f4dbaff006622e96dfe38a9e9b0ec

Scanner detections:

2 / 68

Status:

Clean (2 possible false positive detections)

Analysis date:

4/25/2024 9:08:27 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Bundled.Toolbar.Google.D potentially unsafe application

7.0.302.0

Reason Heuristics

PUP.Bundle.Toolbar (M)

16.11.11.1

File size:

6.5 MB (6,805,440 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Turkish (Turkey)

Common path:

C:\users\{user}\downloads\ccsetup_513.exe

Digital Signature

Signed by:

Piriform Ltd

Authority:

Symantec Corporation

Valid from:

8/12/2015 3:00:00 AM

Valid to:

10/11/2018 2:59:59 AM

Subject:

CN=Piriform Ltd, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

4B48B27C8224FE37B17A6A2ED7A81C9F

File PE Metadata

Compilation timestamp:

2/24/2012 9:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:yaDLhETYw84akP4eIeudCkYyKzOnrDInfya/K3JqD8amBX6RI70zovkWLD8sCBv/:yaZIj8P7PKhnKaVurNGvvdlmOnjXt

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

The file ccsetup_513.exe has been discovered within the following program.

Free Youtube To Video Converter by Media Freeware

The installer uses the OutBorwse download manager to bundle additional adware during install including Conduit Search Protect, Yontoo PlurPush, SysTweak and other toolbars and potentially unwanted software utilities.

www.mediafreeware.com

88% remove it

The file ccsetup_513.exe has been seen being distributed by the following 50 URLs.

http://fs31.filehippo.com/1287/.../ccsetup513.exe

http://ec.ccm2.net/ccm.net/download/.../ccsetup_513.exe

http://filehippo.com/es/download/file/.../

http://filehippo.com/pl/download/file/.../

http://filehippo.com/it/download/file/.../

http://201.31.162.87/cache/.../ccsetup513.exe

http://fs41.filehippo.com/4450/.../ccsetup513.exe