home

rchelper.exe

Registry Clean Expert

CleanMyPC Technology Limited

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RegClean Expert Scheduler’.
Publisher:
iExpert Software  (signed by CleanMyPC Technology Limited)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 9, 0, 0

MD5:
10b7a56b59325b559e8b2e98a4966491

SHA-1:
09eec2edaaaf984fe0f4decb62f347a17f3d3150

SHA-256:
03c322985b98c67cdf1db9b8eee7438c4e5e32a3386621f67969954a9ea061eb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 10:01:42 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.2.9.20

File size:
595.7 KB (610,000 bytes)

Product version:
4, 9, 0, 0

Copyright:
Copyright (C) 2001-2012

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry clean expert\rchelper.exe

Digital Signature
Signed by:
CleanMyPC Technology Limited

Authority:
COMODO CA Limited

Valid from:
3/29/2012 2:00:00 AM

Valid to:
3/30/2017 1:59:59 AM

Subject:
CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET="ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING", STREET=14 HING YIP STREET, STREET="KWUN TONG, KOWLOON", L=HONG KONG, S=NA, PostalCode=NA, C=HK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B22D5ED33A336918E76BE3A5C6CB25F1

File PE Metadata
Compilation timestamp:
12/15/2014 5:49:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:kIfqCowXOjFhyT+3PgjZ2Su6b7MP+Dd2uYd44Qr:XDOjFIS3PgVX7MP+h2BhQr

Entry address:
0x1000

Entry point:
68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 6F, B3, 6D, B6, 41, 09, 14, E2, C4, E0, 8D, A6, 04, E0, FC, CC, EF, F4, DF, 3A, 53, A9, 96, FA, 79, 71, 5D, 18, D2, 00, CB, B0, 99, B8, 62, 44, 27, A1, A7, 38, 31, 69, A6, 43, 56, 54, 94, 90, C3, B6, 0A, 66, 28, 42, CE, AB, C7, 58, 99, BA, 36, 8F, E0, 8D, 90, 6F, B9, 94, 7B, D0, A0, 84, B3, 09, C3, 61, 6B, F9, 86, 4B, 93, 3A, 2A, A0, 3B, 8D, 8F, 48, 5C, 62, 30, DE, BA, 82, 00, A5, 69, F5, 99, 7D, 04, 0E, EE, D8, BB, CD, F4, 7D, A9, BF, F4, ED, 09, 44, 03, E0...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RegClean Expert Scheduler

Command:
"C:\Program Files\registry clean expert\rchelper.exe" \startup


Remove rchelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.