» rchelper.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

rchelper.exe

Registry Clean Expert

CleanMyPC Technology Limited

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Technology Limited has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RegClean Expert Scheduler’. This file is typically installed with the program Registry Clean Expert by iExpert Software.

File name:

rchelper.exe

Publisher:

iExpert Software (signed by CleanMyPC Technology Limited)

Product:

Registry Clean Expert

Description:

RegClean Expert Scheduler

Version:

4, 8, 1, 0

MD5:

623416198f8073f112066133d4d2905b

SHA-1:

a1556875219886603ff015733369b5a7538525b0

SHA-256:

033f556bba059a61d5e1cdecc058f7ff25bfe6258524700b0057e7822c45b652

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 3:53:15 AM UTC (today)

Scan engine

Detection

Engine version

Kaspersky

Virus.Win32.Suspic

14.0.0.851

Reason Heuristics

Win32.Generic

16.1.7.19

File size:

590.9 KB (605,056 bytes)

Product version:

4, 8, 1, 0

Original file name:

RCScheduler.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\registry clean expert\rchelper.exe

Digital Signature

Signed by:

CleanMyPC Technology Limited

Authority:

The USERTRUST Network

Valid from:

3/22/2010 7:00:00 AM

Valid to:

3/22/2012 6:59:59 AM

Subject:

CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET="ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING", STREET=14 HING YIP STREET, STREET="KWUN TONG, KOWLOON, HONG KONG", L=HONG KONG, S=NA, PostalCode=NA, C=HK

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

253A6CD8243978CADEED6FF2D0C2F4E1

File PE Metadata

Compilation timestamp:

1/12/2011 10:15:45 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:L/l8ukPS4TOjFqyT+3PgjZ2Sk6b7MP+Dd2xdvNr:bxkPS4TOjFhS3PgV97MP+h2L1r

Entry address:

0x1000

Entry point:

68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 84, 7A, 95, 5B, 13, BA, BA, E4, BB, 53, A8, EE, 91, 67, 3D, DE, C8, 99, AF, 4A, F6, 29, 7A, F0, 3D, B6, 83, 10, 2F, BB, 72, 62, 91, 97, E7, EF, C3, 1D, 9C, 9C, C5, 17, 65, 08, DE, 21, CA, C1, 02, AF, 1C, AE, A8, E3, D7, A4, EC, E4, 84, CE, 7A, B6, 39, 57, A7, 40, 13, 40, FF, BD, 1D, 61, C0, 75, 9F, FC, 09, CD, 24, 63, E2, 55, 89, E2, 35, FA, 8A, 30, 8C, B5, 05, 62, C0, D7, 67, 52, A9, 32, C2, F4, 8C, 8F, 8E, 1E, F0, 73, 7A, F0, 19, 4C, B9, 66, D7, 57, 51, 7C... 
[+]

Entropy:

7.6232

Packer / compiler:

ASProtect v1.2x (New Strain)

Code size:

172 KB (176,128 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RegClean Expert Scheduler

Command:

"C:\Program Files\registry clean expert\rchelper.exe" \startup

The file rchelper.exe has been discovered within the following program.

Registry Clean Expert by iExpert Software

This is a 'registry cleaner' that is supposed to clean or fix a PC by removing invalid registry settings.

www.registry-clean.net

50% remove it

Remove rchelper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.