home

PCCleanerProSetup.exe

Rspark LLC

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application PCCleanerProSetup.exe, “This installer database contains the logic and data required to install PC Cleaner Pro.” by Rspark has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The installer is marketed through download protals and search ads as the free Piriform CCleaner but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
PC Cleaner Pro  (signed by Rspark LLC)

Product:
PC Cleaner Pro

Description:
This installer database contains the logic and data required to install PC Cleaner Pro.

Version:
2.4.8

MD5:
464ffc6bdb5717f170969c228099b52e

SHA-1:
241c6f459c1146590fc2562cab382c35d5390868

SHA-256:
390bd0555759291333c04932941827ed42e22c5f17fc6728e29615902a6f1eba

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/5/2024 4:11:30 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
OutBrowse
2016.0.3200

Reason Heuristics
PUP.Installer.Outbrowse
15.2.12.15

File size:
5.1 MB (5,312,904 bytes)

Product version:
2.4.8

Copyright:
Copyright (C) 2014 PC Cleaner Pro

Original file name:
PCCleanerProSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pccleanerprosetup.exe

Digital Signature
Signed by:
Rspark LLC

Authority:
DigiCert Inc

Valid from:
11/24/2013 7:00:00 PM

Valid to:
1/26/2015 7:00:00 AM

Subject:
CN=Rspark LLC, O=Rspark LLC, L=Seattle, S=Washington, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0976B99960384A542A28908A69282E73

File PE Metadata
Compilation timestamp:
2/9/2014 5:29:26 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:5wcB2+iNJyw85JEf5oHiF5JOvAA1c8sw8eO6+bBosW:G1o5JEBoHiFbOyw8p6+bBfW

Entry address:
0xB888A

Entry point:
E8, D9, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 7F, FB, FF, FF, 83, C4, 14, 5D, C3, E8, 26, 0C, 00, 00, 8B, 48, 6C, 3B, 0D, B8, A0, 52, 00, 74, 10, 8B, 0D, D0, 9F, 52, 00, 85, 48, 70, 75, 05, E8, 12, 17, 00, 00, A1, B8, 93, 52, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 
[+]

Entropy:
7.7252  (probably packed)

Code size:
948 KB (970,752 bytes)

The file PCCleanerProSetup.exe has been seen being distributed by the following 2 URLs.

http://files.downloadnow.com/s/software/13/62/22/.../PCCleanerProSetup.exe

http://www.pccleanerpros.com/PCCleanerProSetup.exe

Remove PCCleanerProSetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.