rchelper.exe

Registry Clean Expert

CleanMyPC Software

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Software, has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘RegClean Expert Scheduler’.
Publisher:
iExpert Software  (signed by CleanMyPC Software)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 7, 2, 0

MD5:
6cb1625521b04959de3228f9bccfa717

SHA-1:
063c6fb2754f787e610d86ff1c5b77e9ec9c32eb

SHA-256:
0f8ff17fc4e6983d69b2ef3cc4e48aeb0a3e3f92eb427e757f7ded493dfa2635

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 5:59:10 AM UTC

Scan engine | Detection | Engine version
F-Prot | W32/Heuristic-210 | v6.-
Reason Heuristics | Win32.Generic | 16.1.8.0
Vba32 AntiVirus | suspected of Win32.BrokenEmbeddedSignature | 16.01.08

File size:
590.7 KB (604,920 bytes)

Product version:
4, 7, 2, 0

Copyright:
Copyright (C) 2001-2009

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry clean expert\rchelper.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
3/30/2007 7:00:00 AM

Valid to:
3/30/2010 6:59:59 AM

Subject:
CN=CleanMyPC Software, O=CleanMyPC Software, STREET="Room 305, Building 01B, MuXuYuan Street 66#", L=NanJing, S=JiangSu, PostalCode=210007, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A8AC359D82019ABB29423B87491BA8C5

File PE Metadata
Compilation timestamp:
5/12/2009 5:03:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wIRIDjBXVhOjFLyT+3PgjZ2S46b7MP+Dd2XlO:VIDhVhOjFOS3PgVR7MP+h2E

Entry address:
0x1000

Entry point:
68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 7F, 61, 5C, 82, 55, 7B, E3, B6, C3, 4B, 4D, CD, 89, 3E, A2, B7, 9D, B4, FC, 41, 7A, 6F, 0E, F0, 5E, 1C, 98, 9D, 81, 90, AE, 9C, ED, A4, CE, 54, C8, D6, CA, 12, 2D, E9, 86, AB, DC, BC, FD, F0, 58, 1A, CB, 0B, 04, AA, A3, 32, 48, 3B, 30, 63, 42, B4, F3, D4, 0D, 29, 80, 8D, A4, 52, 98, EE, 36, 39, 9A, 71, BA, 2C, 12, EC, A8, FC, 22, 56, D8, F7, A9, B2, B8, 16, 86, C0, 00, AF, 4F, 78, C0, FC, 99, 3E, 68, 5D, 1F, 3A, 8A, 57, FA, AD, E6, 6C, 2A, D6, BC, 82, 5E, 4E...

Entropy:
7.6243

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RegClean Expert Scheduler

Command:
"C:\Program Files\registry clean expert\rchelper.exe" \startup
