» ncleaner_setup.exe
Overview
Analysis
File Details
Downloads (19)

ncleaner_setup.exe

nCleaner second

NKProds

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from doc-0s-9s-docs.googleusercontent.com and multiple other hosts.

File name:

ncleaner_setup.exe

Publisher:

NKProds

Product:

nCleaner second

Description:

nCleaner 2.3.4.0 Application

Version:

2.3.4.0

MD5:

54d78fef02a160fc7f5f00d0987d780c

SHA-1:

41ca7e9e27e544686ddad326456aee57d8569477

SHA-256:

6678b0de2392cc2b58458ee4046acf57a680df3c4d3e838dd22ce0b29c8cb20b

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 10:44:01 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.DownLoad3.31740

9.0.1.082

File size:

871.7 KB (892,614 bytes)

Trademarks:

nCleaner is a trademark of NKProds

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\ncleaner_setup.exe

File PE Metadata

Compilation timestamp:

5/5/2007 2:23:36 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:5KyXA8/XpdXK9tYl56/sUWJR5wCrkP3tnNmDZ79awq14Rk1fwO6k/C/Yl4a8JdOK:423XgI56bWJRrkPEd9HnkvxCAKEK

Entry address:

0x32FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 70, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 53, FF, 15, 78, 72, 40, 00, A3, D4, 3F, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, F4, 41, 00, FF, 15, 54, 71, 40, 00, 68, 2C, 92, 40, 00, 68, 20, 37, 42, 00, E8, 9A, 27, 00, 00, FF, 15, B4, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 88, 27, 00, 00, 53, FF, 15, 08, 71, 40, 00, 80, 3D, 00, 90, 42, 00, 22, A3, 20, 3F, 42, 00, 8B, C7, 75, 0A... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file ncleaner_setup.exe has been seen being distributed by the following 19 URLs.

https://doc-0s-9s-docs.googleusercontent.com/docs/securesc/5jhv95mepb1p4dc71nperlapukdeju8s/j58n2s5l4epau4edmp2sjc7bghkpj382/1487073600000/02303552527078405660/.../0BwEuWe5d9AG-MWtkUUFsOWU0Umc?e=download

https://dw.uptodown.com/dwn/YBzoowumNIskP1XfLDtP7OpZAN1Om-xSPbkS-I8xrfFrgdWLJFwJIQMl_GkdCfqOj70h5M5YRA5Egae2-vY-T2r1ZMKe9bEBYwKd9Dd3qVWeJy19y6xJshEcOHACFdYT/vMwA7X5Mk9bGn90nKQ3Z4S6R0XqUMNDNpq2Ys6iQc68eVYeWwxUZRMdnRsWLory2WwxAomIi6uGPo4Nhl--XteXA8jRacnqmoLrY5MV8E9l-9dAKECaslJkZW3MvftkO/yRtAHYPq4MrxZfaUlOQKJstwZeCihrsjwyeI24bArRsGlq2FQxdgO8gF73ceUwmb2pDAj1NC4E-ad5ZuADJ3pArGC4UnYhEUMBiGaJVRFCMWXO0J4h5tZHQ3IrFGf33g/.../

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_en&type=PROGRAM&Expires=1465039305&Signature=hjiAr2xIzwsQ0FRVMZfk2EBZRKo2OdX4d4mu4Qdr1NHDlNEQTaURYjK1MIBmxET82UTSmV-B8H2k4w9GpT8WrsCWy2nm24WsNNRFrl9jV4n-sMy9WUtUCC2HwL~rbxqkgVty-I7RyEVdV5cnKVK3dbElrQcZef99URQoEPhbjK8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_en&type=PROGRAM&Expires=1480618765&Signature=R6PhVc6NyoqhNohMoBShKTwgVm8wAJK-mn4gw3sPSnOjkMxWXPq0Yo7vhYaMB5noV6TaX6WyXzQvsHXrAQBzZqrizy2rwA-D5-spSO6l7fVmZN8ZIxgiACZt0wRGhARfYyCChFHCKfnx7aHZJCTzdsJBL9DuBflRZJPDdWwPZYw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://www.majorgeeks.com/index.php?ct=files&action=download&

https://dw.uptodown.com/dwn/xltY0dGcGC6uEKce_kgCEqx816eyDakbixJwa575jJv-WNFnjPS560k-1hX1uEHS8gN01YnWEM7-IX_h2eeasEwJS1OKpNClexkESkDK9njfYZZpWKrDXfFZstv_ZH-O/7qWDsX4u9VPOp2or2P4lsRy_065NqVRw1QYkmviLDWxDgHumuKQ8dcuV_h4yZsBuGckRbCg2rCHzyW7USXZnCDMcwGLkgkrHBQ1851rQq7OYeHkhZr11YKLSkaOyZ-A8/oDtVF4L6AH8_ssqTxCt_QlcfUrDNRk5rtK_dJkENYEGQH7iV9F1zngnY-r0lsYENT8mx-vISiBY4NmpsEcpASbaGbHBCNqw7ryzRtX2d8EFMALnkaIWaC4EtEyU5de7-/.../

http://c236.y8top.net/2107tmp/cf/soft/2013/11/ba/.../ncleaner_234.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_it&type=PROGRAM&Expires=1468721151&Signature=DunT09ilPgo-HHoJcVomX5MYQnwGlTmmDrNezEd5oI-6DRAun64YOG45S2UPHFycWM0d5NPglc1cNwcdfqKo2eIAtIPq1oB5HihOfbRBgMtAXIbwFwMef8MyA70vpMnezvIRq4XZq7u9i8mz2lmkHCpQnCBaRDWUmxm5P76u9pc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_en&type=PROGRAM&Expires=1471901237&Signature=KXyLsscF4ISD-ad10s0E7tuF-ZOwAPp2Ny20~uZ8xv5ZATE4YXe92Kj1of-cnVs9-Xk3tu4GAhBcw0pQpfmBzezr0FjEiGEwrBBncQsJNt-~wRIjgrI-4l1PURpObR3DWUXHJOJS4bf~wmzjWZitlkwMsNM392znIZ91ClmPLLM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_it&type=PROGRAM&Expires=1465346838&Signature=Xp6STx5XDYqmjdHOjPE0366fy7E5tPpjn~PXSlo2SWtgPAz5DOYZBsBSdBLh5Rurx9yj7ikVdwRmO1VneCiSZHH-QGJ96BBbH9e4vNOmByuTiuxgWKEHxq~hy1zVBb92HkT9efG5ugcBm91htK1Lp08tZaHCOLFGgCAMec-Yoqc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_it&type=PROGRAM&Expires=1465459942&Signature=USlJbhs~5IDW-pL3FjKQNteB3In66yaEFa2qCtQ42bEwg9C5jphoA4E-pR3pOwXQ3kttlxMn~X4fiFnUWkk~mMYkOvWjQVUhqDT224K6z1z3Wbt~zljfCVCywTW7KIySc8N5oQAe9iAevOJ7u9Exk4svg5LnuWYMPFGO6ikoKyo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_en&type=PROGRAM&Expires=1461555470&Signature=SNFs27Wcvzra1aMvuQevBjjuooZ4NXsV7tlszGikbTQheEB8S~zoltuPMFZx6Nv-4MEtdyWnRPmIaeMLPwM5gPaG00yvcTlr73z7SO83Fjuw6kROGfGf-4PYK3De7GoQQxcOGsUBnMgan2EDA8TbzQobsB~4oafyRl5MVnC8zL4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_en&type=PROGRAM&Expires=1459019836&Signature=YcHSp9sRcZhY33LkJauM7~qZ63cMzzF8werqD9vUgNK~jr7Op2TrhS5rJWsk6HjjBEcaX06W4ZKQzuqILiCp1ufyryyxIYQm~mjDLj5pEpN7Un7g6ctg78jBNo2xekBcdbZX-OG11nwjyVkpLS7MUGI9931LZvEgiYyB6tW1xGI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_en&type=PROGRAM&Expires=1454569625&Signature=gNiR6lw7goXTAsmyGgoi3GTRhm0eWZcBR6wIoNZXll6q4s934fiwzUjcROSnRMaB2Jw6DL1tauNWqRmv19s15P99imQ11bSmat9U3vWdQGThDOZYxy0quq7cnLjehsykJQYEiYDlqF9eWrDrvX4-~8nLTt8hXMs2p8kclZ7kq1Q_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ncleaner_setup.exe

http://files.downloadnow.com/s/software/10/84/18/.../ncleaner_setup.exe

http://indir.gezginler.net/i/3577/.../

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_it&type=PROGRAM&Expires=1429292200&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=XLagv-4FYGJZmdlz4xOz2edbaPPAUJva6HFB3GxbctwYrGgOFQWvAoJNM42GFVYY7dAh7pjuYlHvclGDF33gGbIg0bbn2BQFRIWoxUlajbD81FouGdmt8bzIiyvCFR4dkuM4SsEFn5OUW-QEup5l60EQa66BceZIn9Ukyd4dy04_&filename=ncleaner_setup.exe

http://gsf-cf.softonic.com/41c/a7e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59675&instance=softonic_it&type=PROGRAM&Expires=1425510489&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=ULw8zUhUeSuVseidTXcntPQwxaAE~3A-TTfYfiZHQ~BHlQyaqKnqZGg044LbKUh4e-gwKEMFM858JjEbypFFKYeq13Y3kZMG3vAosn4EfFq8Lt5RoArHZE7ro8XD5bEbsIQO0ofyRfNOjzqcJFNLsvZ~Sb3RAYPg8NZLSmjqjM0_&filename=ncleaner_setup.exe

http://www.nkprods.com/ncleaner_setup.exe

Scan ncleaner_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.