» andycleanuptool.exe
Overview
Analysis
File Details

andycleanuptool.exe

Search Safer Inc

The application andycleanuptool.exe by Search Safer Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

andycleanuptool.exe

Publisher:

Search Safer Inc (signed and verified)

MD5:

da81d78be277a928bd96d484166937c4

SHA-1:

dd348b3230206b52657b876c17e7a14ffd382ed0

SHA-256:

895f325f77b8f7d878dbb0687b51d4f86f4fc9e81dde733eefe74db6f9d05da0

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/24/2024 10:31:27 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.11.21.0

File size:

1.1 MB (1,177,208 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\andycleanuptool.exe

Digital Signature

Signed by:

Search Safer Inc

Authority:

COMODO CA Limited

Valid from:

6/5/2014 9:00:00 PM

Valid to:

6/6/2015 8:59:59 PM

Subject:

CN=Search Safer Inc, OU=Search Safer Inc, O=Search Safer Inc, STREET=665 3rd street Suite 150, L=San Francisco, S=California, PostalCode=94107, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E26E98DAA7AAA5703565127BF095EFBE

File PE Metadata

Compilation timestamp:

5/3/2014 11:37:30 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:ktz2HkJqdjlVLVbCooMU/X7G9HMkSWlfc:8ADLUTGJMkSWl

Entry address:

0x8E213

Entry point:

00, 00, 8B, 85, F8, FB, FF, FF, A8, 40, 74, 2B, A9, 00, 01, 00, 00, 74, 04, 6A, 2D, EB, 0E, A8, 01, 74, 04, 6A, 2B, EB, 06, A8, 02, 74, 14, 6A, 20, 59, 66, 89, 8D, CC, FB, FF, FF, C7, 85, D8, FB, FF, FF, 01, 00, 00, 00, 8B, BD, D0, FB, FF, FF, 2B, BD, EC, FB, FF, FF, 2B, BD, D8, FB, FF, FF, 89, BD, E4, FB, FF, FF, A8, 0C, 75, 24, EB, 1E, 8B, 85, DC, FB, FF, FF, 6A, 20, 8D, B5, E8, FB, FF, FF, 4F, E8, 8B, F5, FF, FF, 83, BD, E8, FB, FF, FF, FF, 59, 74, 04, 85, FF, 7F, DE, FF, B5, D8, FB, FF, FF, 8B, BD, 9C... 
[+]

Code size:

619.5 KB (634,368 bytes)

Remove andycleanuptool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.