adwcleaner_5.030.exe

The executable adwcleaner_5.030.exe has been detected as malware by 2 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from toolslib.net and multiple other hosts. While running, it connects to the Internet address front2.general-changelog-team.fr on port 80 using the HTTP protocol.
Description:
AdwCleaner

Version:
5.0.3.0

MD5:
08985310e76bac6be0439a67234e90c7

SHA-1:
38ab5630a0f272651ccba30011fc28528bd87b2e

SHA-256:
17cfb6af2c91848b14a3e624b7a9b9966ce9ec1b147652e44282743f8803f45a

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
5/16/2024 10:35:58 AM UTC

Scan engine       Detection             Engine version
Avira AntiVirus   W32/Ramnit.C          7.11.30.172
ESET NOD32        Detection.Undefined   7.0.302.0

File size:
1.4 MB (1,505,280 bytes)

Product version:
3.3.14.2

Copyright:
Xplode

File type:
Executable application (Win32 EXE)

Language:
French (France)

File PE Metadata
Compilation timestamp:
1/17/2016 11:52:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:84GHnhIzOaGX2dwQFvw5IBqpl4STyEcPEwsY2jEoVaGOH:bshdaGXcFvwLpCSTyEuEwsY2jEow

Entry address:
0x1F1B60

Entry point:

Entropy:
7.9885

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
344 KB (352,256 bytes)

The file adwcleaner_5.030.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 840 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to front2.general-changelog-team.fr (163.172.27.3:80)

TCP (HTTP):
Connects to front3.general-changelog-team.fr (163.172.27.17:80)

Remove adwcleaner_5.030.exe - Powered by Reason Core Security