home

ram_clear.exe

Bagayev ALEXander

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RAM_Clear_Autostart’.
Publisher:
Bagayev ALEXander

Description:
Ultimate Memory Optimization Utility

Version:
1, 0, 0, 1

MD5:
d52e523b346a79e872f74a9ff2feef67

SHA-1:
89691443d408707c66d59180a1d1315c747cbddc

SHA-256:
4d5640508a95aa4ac7d34e72b417b2c70644c33996369323f355c7993ecd7053

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/11/2025 7:38:48 PM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Heur.Packed.Unknown
16791

Quick Heal
(Suspicious) - DNAScan
2.14.12.00

File size:
30 KB (30,720 bytes)

Copyright:
Copyright © 2007-2010 Bagayev ALEXander

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\3_ram clear\ram_clear.exe

File PE Metadata
Compilation timestamp:
9/15/2010 7:08:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:VGNc8RXnJj5OUGelLiXzfC4DeNQaYd8+9GYEegCZOl:itRX/xlLKD8Yq+9GregC

Entry address:
0x5540

Entry point:
68, 84, 82, 40, 00, E8, F6, C9, FF, FF, 33, C0, C3, CC, CC, CC, 56, 43, 32, 30, 58, 43, 30, 30, 55, 8B, EC, 83, EC, 08, 53, 56, 57, 55, FC, 8B, 5D, 0C, 8B, 45, 08, F7, 40, 04, 06, 00, 00, 00, 0F, 85, 82, 00, 00, 00, 89, 45, F8, 8B, 45, 10, 89, 45, FC, 8D, 45, F8, 89, 43, FC, 8B, 73, 0C, 8B, 7B, 08, 83, FE, FF, 74, 61, 8D, 0C, 76, 83, 7C, 8F, 04, 00, 74, 45, 56, 55, 8D, 6B, 10, FF, 54, 8F, 04, 5D, 5E, 8B, 5D, 0C, 0B, C0, 74, 33, 78, 3C, 8B, 7B, 08, 53, E8, 29, 01, 00, 00, 83, C4, 04, 8D, 6B, 10, 56, 53, E8...
 
[+]

Code size:
18 KB (18,432 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RAM_Clear_Autostart

Command:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\3_ram clear\ram_clear.exe \rit


Scan ram_clear.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.