home

SystemCleaner.exe

System Cleaner

Pointstone Software, LLC

The application SystemCleaner.exe, “It is time to give your computer a good cleaning on the inside!” by Pointstone Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PRD’.
Publisher:
Pointstone Software, LLC  (signed and verified)

Product:
System Cleaner

Description:
It is time to give your computer a good cleaning on the inside!

Version:
5.7.0.211

MD5:
1fad072cb5e275f4539674b8780d30ea

SHA-1:
b7c312fecee3a8d8d28ca043063cdd36f2468798

SHA-256:
5929254336a3c05d66bcd413f224b7d5f84182374b38078107db178317b05216

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 10:37:19 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Pointstone.Startup
16.7.9.9

File size:
2.7 MB (2,851,032 bytes)

Product version:
5.7.0.0

Copyright:
Copyright © 1997 - 2009 Pointstone Software, LLC

Trademarks:
System Cleaner and Pointstone are either trademarks or registered trademarks of Pointstone Software, LLC

Original file name:
SystemCleaner.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pointstone\system cleaner 5\systemcleaner.exe

Digital Signature
Signed by:
Pointstone Software, LLC

Authority:
The USERTRUST Network

Valid from:
3/5/2008 3:00:00 AM

Valid to:
3/6/2010 2:59:59 AM

Subject:
CN="Pointstone Software, LLC", O="Pointstone Software, LLC", STREET=220 E. Delaware Avenue, L=Newark, S=Delaware, PostalCode=19711, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0A38CECD27D24D5BABCE0D05DC3CDAF9

File PE Metadata
Compilation timestamp:
12/23/2008 2:38:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:TnVg2MXLj3yS/gC3ynMkM15Z1xLn4jb8RbmOYmJk64/Gc/H8OX92lz6jVFogKF:TnWB7mS/gC3XkMzxnltrEP8zx

Entry address:
0x1000

Entry point:
68, 01, 00, A0, 00, E8, 01, 00, 00, 00, C3, C3, 8B, 9B, C7, 68, 9C, 06, 83, B7, 85, 72, CE, 17, A7, FF, 62, 74, 5E, F7, 5D, F1, 87, 46, 56, 02, EB, BB, 6F, 9E, 0D, 55, 06, 6F, 20, 5E, EC, 93, C8, 9A, 55, 31, 24, 76, CF, 49, 56, 1B, DA, F3, A7, 84, 43, 5F, B4, 65, E3, FF, 2D, E2, 11, 64, A3, 2B, 44, 9C, E3, 66, 68, 97, 18, 3C, E7, B2, 2D, 8D, A9, 10, 38, 0D, 8A, AD, CE, F3, 59, 94, C3, F2, 5B, 84, 5C, 81, 61, B4, 06, 7F, 94, F4, AD, FE, BB, B1, 7B, 42, DB, B4, 02, 5A, F5, 17, A1, 2C, 02, A7, AA, BC, AC, E1...
 
[+]

Entropy:
7.9840

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
3.5 MB (3,700,736 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PRD

Command:
C:\Program Files\pointstone\system cleaner 5\systemcleaner.exe afterreboot


Remove SystemCleaner.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.