» rchelper.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

rchelper.exe

Registry Clean Expert

CleanMyPC Technology Limited

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RegClean Expert Scheduler’. This file is typically installed with the program Registry Clean Expert by iExpert Software.

File name:

rchelper.exe

Publisher:

iExpert Software (signed by CleanMyPC Technology Limited)

Product:

Registry Clean Expert

Description:

RegClean Expert Scheduler

Version:

4, 8, 8, 0

MD5:

d3afe0fa97f2f4b54fbb9c93b76261f3

SHA-1:

0d0abb913af73d243935bb44e35ba36aea4a78bf

SHA-256:

8265f2eb960d513c197893977559f89a27949a60a462cf242349fb8641a21388

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:13:49 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.2.21.17

File size:

596.7 KB (611,056 bytes)

Product version:

4, 8, 8, 0

Original file name:

RCScheduler.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\registry clean expert\rchelper.exe

Digital Signature

Signed by:

CleanMyPC Technology Limited

Authority:

COMODO CA Limited

Valid from:

3/29/2012 3:00:00 AM

Valid to:

3/30/2017 2:59:59 AM

Subject:

CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET="ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING", STREET=14 HING YIP STREET, STREET="KWUN TONG, KOWLOON", L=HONG KONG, S=NA, PostalCode=NA, C=HK

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B22D5ED33A336918E76BE3A5C6CB25F1

File PE Metadata

Compilation timestamp:

5/5/2012 2:54:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:FxHbfhSA1FiwiOjFlyT+3PgjZ2Swo6b7MP+Dd2U:Fx78OjFUS3PgVo7MP+h2U

Entry address:

0x1000

Entry point:

68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 8F, 68, 33, AC, 46, 4F, F4, 70, 12, 61, 72, F9, 85, C9, 12, C2, 08, FE, BF, A2, 32, 91, 51, 47, B0, 19, 7A, F2, 63, 45, C2, CB, BB, C7, 07, C9, 45, 89, 46, 7E, 15, 76, 3F, B7, C9, 27, B0, 4F, A9, A8, 29, 15, 4D, 4F, B2, 5B, 7F, 4B, E2, 55, ED, CC, 1B, 58, 60, AD, 4C, 4B, 23, 18, 35, F7, DB, 81, 58, 15, B7, 09, 89, 48, 10, 22, 51, 94, DD, CA, F1, 61, DF, 6F, DD, 72, 7C, A6, 8A, BA, 3B, 3B, D4, D4, C3, CC, F9, 3E, C7, 25, F9, E6, FA, A7, A9, 48, 34, 2C, 3A, F5... 
[+]

Packer / compiler:

ASProtect v1.2x (New Strain)

Code size:

172 KB (176,128 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RegClean Expert Scheduler

Command:

"C:\Program Files\registry clean expert\rchelper.exe" \startup

The file rchelper.exe has been discovered within the following program.

Registry Clean Expert by iExpert Software

This is a 'registry cleaner' that is supposed to clean or fix a PC by removing invalid registry settings.

www.registry-clean.net

50% remove it

Remove rchelper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.