home

rchelper.exe

Registry Clean Expert

CleanMyPC Software

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Software has been detected as a potentially unwanted program by 3 anti-malware scanners.
Publisher:
iExpert Software  (signed by CleanMyPC Software)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 5, 5, 0

MD5:
f45a8f3e3b2e8ec7361c0cdad1de74d2

SHA-1:
20d7617b2c3bdf5caa03bb7580e5445ff817ee8a

SHA-256:
494290f5418826a9b64895fcc7640a177d5d9749e924a8b512dc1dededd9ed36

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:58:19 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/Heuristic-210
v6.-

Reason Heuristics
Win32.Generic
16.1.18.23

Vba32 AntiVirus
suspected of Win32.BrokenEmbeddedSignature
16.01.18

File size:
592.2 KB (606,456 bytes)

Product version:
4, 5, 5, 0

Copyright:
Copyright (C) 2001-2007

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry clean expert\rchelper.exe

Digital Signature
Signed by:
CleanMyPC Software

Authority:
The USERTRUST Network

Valid from:
3/29/2007 7:00:00 PM

Valid to:
3/29/2010 6:59:59 PM

Subject:
CN=CleanMyPC Software, O=CleanMyPC Software, STREET="Room 305, Building 01B, MuXuYuan Street 66#", L=NanJing, S=JiangSu, PostalCode=210007, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A8AC359D82019ABB29423B87491BA8C5

File PE Metadata
Compilation timestamp:
11/24/2007 11:14:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ysjfQj2QyHEOjFxyT+3PgjZ2SA6b7MP+Dd2kdX7zVQG:lQjpykOjFYS3PgVp7MP+h20X7ZQG

Entry address:
0x1000

Entry point:
68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 69, E5, FA, D9, 50, D0, 11, 6A, BE, 18, 0A, 91, A2, DD, 64, 59, CA, D9, B5, 67, E6, F0, 28, 4D, 72, 07, 8E, 76, 8A, 8A, E5, 38, D5, BE, 02, 91, ED, 45, 09, D5, 29, 34, 3E, C0, F9, EB, 38, DE, 9F, 6F, 42, 50, 8F, BE, 0B, C8, 52, A9, 9D, E9, FB, 5E, F1, 52, 56, AD, E8, D1, 47, A3, 37, E4, C6, D1, 38, 76, 8D, BF, F1, 09, 76, 1F, 78, 35, E6, B1, 80, FB, 87, 51, 93, BD, F0, 00, 0F, 5A, D4, 5A, A0, C7, 07, 5C, CB, 0B, E5, 37, 9E, DA, 23, B5, 4C, 2E, 42, 87, 06, BA...
 
[+]

Entropy:
7.6265

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)

Remove rchelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.