» DiskCleaner.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

DiskCleaner.exe

Disk Cleaner

SafeApp Software, LLC

The application DiskCleaner.exe by SafeApp Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Disk Cleaner’. This file is typically installed with the program Disk Cleaner by SafeApp Software, LLC which is a potentially unwanted software program.

File name:

DiskCleaner.exe

Publisher:

SafeApp Software, LLC (signed and verified)

Product:

Disk Cleaner

Version:

3.00.0015

MD5:

623c65fabddc57b4c4c57689d102415e

SHA-1:

f5812f2f6adc86d0c44eabead3168f884c11af8e

SHA-256:

5ada2509328e289bc94ae83635891532f6a8cfd905fce4ceaf7a63f9d27c5248

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/27/2024 1:59:42 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.8.16.13

File size:

4.9 MB (5,142,864 bytes)

Product version:

3.00.0015

Trademarks:

Disk Cleaner is a registered trademark of SafeApp Software, LLC

Original file name:

DiskCleaner.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\disk cleaner\diskcleaner.exe

Digital Signature

Signed by:

SafeApp Software, LLC

Authority:

VeriSign, Inc.

Valid from:

7/30/2013 2:00:00 AM

Valid to:

9/29/2014 1:59:59 AM

Subject:

CN="SafeApp Software, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="SafeApp Software, LLC", L=Harrison, S=New York, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

39DFB7C66366F1DCB93E2F14443E6433

File PE Metadata

Compilation timestamp:

11/26/2013 3:42:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:EVHrtVVv2UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUT:4rtVVv2UUUUUUUUUUUUUUUUUUUUUUUUF

Entry address:

0x169BC

Entry point:

68, 04, 75, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 40, 00, 00, 00, AB, E1, B8, 25, B5, 08, 57, 4A, 93, 7D, F3, 44, 82, ED, 61, 63, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 44, 49, 53, 4B, 43, 4C, 45, 41, 4E, 45, 52, 00, 00, 00, 00, 00, 44, 69, 73, 6B, 20, 43, 6C, 65, 61, 6E, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 07, C5, E3, C1, 68, 4A, 8F, AF, 40, B1, FE, 85, C4, 81, DD, 3A, C8, 32, 80, 12, 59, 53, F4, B5, 4B, 8C, 9D, 09... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

4.7 MB (4,923,392 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Disk Cleaner

Command:

"C:\Program Files\disk cleaner\diskcleaner.exe" \boot

The file DiskCleaner.exe has been discovered within the following program.

Disk Cleaner by SafeApp Software, LLC

Disk Cleaner starts automatically on system launch and will appear in the system tray and run in the background until closed. The trial mode of Disk Cleaner includes a daily and logon popup reminder that will show you the results of the last scan and offer available upgrades.

www.sasdiskcleaner.com

About 60% of users remove it

Remove DiskCleaner.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.