DiskCleanerFree.exe

Disk Cleaner Free

TechEvolve GMBH

The application DiskCleanerFree.exe, “Disk Cleaner Free Setup” by TechEvolve GMBH, has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers for potentially unwanted software, including ad/search-supported toolbars, during setup. The file has been seen being downloaded from www.disk-cleaner.net.
Publisher:
WareTorch Co., Ltd.   (signed by TechEvolve GMBH)

Product:
Disk Cleaner Free

Description:
Disk Cleaner Free Setup

MD5:
9deed5f6be04a23bb64f809419b7fa80

SHA-1:
e90b4623399cc5aa1c5022dbe12f3de023edd7a5

SHA-256:
2b6bdb318418a2aa4df5e3d24c6fd4cf9718abd193ff459352c47a267a7a8a74

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 7:37:39 PM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/OpenCandy.AB.1
7.11.141.72

ESET NOD32
8.9639

Fortinet FortiGate
Adware/OpenCandy
4/14/2014

NANO AntiVirus
Trojan.Win32.OpenCandy.cumjqq
0.28.0.58873

Reason Heuristics
PUP.Optional.Installer.P
14.4.14.5

File size:
4 MB (4,239,448 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\diskcleanerfree.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/15/2012 7:00:00 PM

Valid to:
12/16/2015 6:59:59 PM

Subject:
CN=TechEvolve GMBH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TechEvolve GMBH, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50FF3D5C361AE9F52E4B0A3CF576C6EE

File PE Metadata
Compilation timestamp:
1/30/2013 9:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:9iaQmOW5k/PGzxKxV6n11ygUltI/LA1B7N3:FQmO93Gz8V6neltI/LC7h

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
7.9910

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file DiskCleanerFree.exe has been seen being distributed by the following URL.
