adwcleaner.exe

AdwCleaner from Xplode is a free application designed to search for and remove adware such as browser toolbars and other potentially unwanted programs and specifically targets software that is bundled with free programs that you download from the web. This is a setup program which is used to install the application. The file has been seen being downloaded from download.bleepingcomputer.com and multiple other hosts.
Version:
3.2.0.1

MD5:
58ff3ba4a5a34a20d6e0e095f05d1939

SHA-1:
ca3eb641ce6c3ea64c6923c1f350ed6e1080ec79

SHA-256:
547934c9520a7755233c641d21733af65cde52d1d113787b9f765b32521d7494

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 9:29:26 AM UTC  (today)

File size:
1.3 MB (1,345,299 bytes)

Product version:
3.3.8.1

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\adwcleaner.exe

File PE Metadata
Compilation timestamp:
1/29/2012 2:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:HthEVaPqL7dh9hTG7fmS2/ot5ws7GkyIs6/zVnE:LEVUc7dh9xBQq36a

Entry address:
0xCFE90

Entry point:
60, BE, 00, E0, 48, 00, 8D, BE, 00, 30, F7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.9054

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file adwcleaner.exe has been seen being distributed by the following 7 URLs.

http://download.bleepingcomputer.com/dl/cf7aa2e2bed7c98c39361c89808e232d/5357aab5/windows/security/security-utilities/a/.../AdwCleaner.exe

Scan adwcleaner.exe - Powered by Reason Core Security