» security_cleaner.exe
Overview
Analysis
File Details

security_cleaner.exe

FirsTech Inc.

The executable security_cleaner.exe has been detected as malware by 7 anti-virus scanners.

File name:

Publisher:

FirsTech Inc. (signed and verified)

MD5:

8d18ac7ff6ffa50bd11e4c98c22c806e

SHA-1:

cc5f63338f4fbb6819d8c9406c957e0da3e5e8e6

SHA-256:

805acdc71991ab395de9b479fb88cc14667ecf6a0ea43fb3c54e69734f097eb1

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

5/4/2024 12:05:16 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Crypt-QCU [Trj]

160126-1

Dr.Web

Trojan.Winlock.9260

9.0.1.05190

ESET NOD32

Win32/Kryptik.BNSK trojan

7.0.302.0

F-Secure

Heur.Jatif.39

5.15.21

McAfee

Trojan.FakeAlert-FSE!8D18AC7FF6FF

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.6073.0

VIPRE Antivirus

Threat.4791220

47086

File size:

528.6 KB (541,320 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\security_cleaner.exe

Digital Signature

Signed by:

FirsTech Inc.

Authority:

VeriSign, Inc.

Valid from:

12/18/2011 7:00:00 PM

Valid to:

12/18/2013 6:59:59 PM

Subject:

CN=FirsTech Inc., OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FirsTech Inc., L=Decatur, S=Illinois, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5C433991ED8187EEA0A3003A1E4861E8

File PE Metadata

Compilation timestamp:

10/28/2013 7:29:21 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

4.0

CTPH (ssdeep):

12288:LeCrWPga1MOXijRbsxCNqJsvL5gEX8TSQ1q:LeolGMb3qmYSAq

Entry address:

0x1000

Entry point:

60, 0B, C9, 33, D0, 8B, C1, 03, D3, 90, 90, 85, C0, 75, 02, 8B, F0, E8, 04, 00, 00, 00, 33, C0, 33, DB, 59, 83, E9, 04, 66, 33, C9, 8B, C1, 33, F6, BB, 56, EC, 5D, 3A, 03, F3, 81, F6, 56, B2, 1D, 3A, 81, EE, 00, 00, 40, 00, 03, F0, 81, C6, 00, 22, 00, 00, BF, 58, 60, 40, 00, 81, EF, 00, 00, 40, 00, 03, F8, 8B, 44, 24, F4, 8B, C8, 3D, 08, 04, 00, 00, 74, 10, 83, F8, 01, 74, 0B, 83, F8, 00, 74, 0B, 8B, E5, 61, 59, FF, E1, FF, 37, FF, 14, 24, 8B, EC, 50, FF, 77, 0C, FF, 14, 24, 8B, D0, 3B, D0, 74, 01, CC, 58... 
[+]

Entropy:

7.9747 (probably packed)

Code size:

20 KB (20,480 bytes)

Remove security_cleaner.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.