adwcleaner.exe

AdwCleaner from Xplode is a free application designed to search for and remove adware such as browser toolbars and other potentially unwanted programs and specifically targets software that is bundled with free programs that you download from the web. This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from download.bleepingcomputer.com and multiple other hosts.
Version:
3.0.0.6

MD5:
5611140e8cc5927d371c27ea1f9e71a6

SHA-1:
c3f742287cb7763238432fddddc2eb475265ae29

SHA-256:
cbb3b36d00ea3597ac9d4515740d7cb2fcff1a6a60ebdfa418dca7f792b17ac5

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/27/2024 2:18:00 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/Undefined.Threat
v6.4.7.1.166

Rising Antivirus
AU3SCRIPT:Dropper.Insrun!1.9E21
23.00.65.131216

Trend Micro House Call
TROJ_GEN.F47V1001
7.2.352

File size:
1020.7 KB (1,045,226 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\adwcleaner.exe

File PE Metadata
Compilation timestamp:
1/29/2012 4:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:uthEVaPqLBDr4eJcxmsmhXiCYssIt2ws7GkyIs6/zVI:2EVUcBDMXnkyC+q36+

Entry address:
0xB5E60

Entry point:
60, BE, 00, 40, 47, 00, 8D, BE, 00, D0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.9852

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

Scheduled Task
Task name:
{040415F2-EF79-44F5-880F-639698FFF97E}

Trigger:
Registration (Runs on registration)


The file adwcleaner.exe has been seen being distributed by the following 36 URLs.

http://download.bleepingcomputer.com/dl/82ac7ee6fc3d995e3dfb50ef91482aff/5253d989/windows/security/security-utilities/a/.../AdwCleaner.exe

http://download.bleepingcomputer.com/dl/f8387b92838868fc09018f074e8d6e79/524af795/windows/security/security-utilities/a/.../AdwCleaner.exe

http://download.bleepingcomputer.com/dl/8c0bc28052c520e2e795aa029affe0ad/524ea7dc/windows/security/security-utilities/a/.../AdwCleaner.exe

Latest 30 of 36 download URLs

Scan adwcleaner.exe - Powered by Reason Core Security