app3_install_french.exe

PC Cleaners Inc.

The application app3_install_french.exe by PC Cleaners has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file is typically installed with the program SSDlife Pro by BinarySense Inc. It has been seen being downloaded from www.pccleaner.com and multiple other hosts.
Publisher:
PC Cleaners  (signed by PC Cleaners Inc.)

Product:
PC Cleaners

Description:
PC Cleaner Pro

Version:
10.0.0.0

MD5:
61ea34903291c1053c832a1ce9b4838c

SHA-1:
e79f3819d1ad75cbf40b17d5b10df36789fedc42

SHA-256:
78de287f2f220aef5df0c4dcbb54eb921e485c18a55900c9c12e07241be1ebe2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 3:36:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PCCleaner.Installer.Meta (M)

Engine version:
16.6.10.14

File size:
4.9 MB (5,160,208 bytes)

Product version:
10.0.0.0

Copyright:
(c)2014 PC Cleaners Inc. All rights reserved.

Original file name:
PCSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\app3_install_french.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/13/2014 1:00:00 AM

Valid to:
2/14/2015 12:59:59 AM

Subject:
CN=PC Cleaners Inc., O=PC Cleaners Inc., POBox=92677, STREET="220 Newport Center Dr. Suite #197", L=Newport Beach, S=California, PostalCode=92660, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C9E049157A6A920D966DC639E40B25DA

File PE Metadata
Compilation timestamp:
1/12/2015 7:57:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:K3FWiDFtCi1ElVgBrukS1/VX6agD7tUGfBeFcFJd0f4HyGaAoT1V:APFYi11xukS1hbgvtUGpccFJaf4l3oT7

Entry address:
0x4AD0B70

Entry point:
60, BE, 00, D0, 9E, 04, 8D, BE, 00, 40, A1, FB, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
4.9 MB (5,128,192 bytes)

The file app3_install_french.exe has been discovered within the following program.

SSDlife Pro  by BinarySense Inc.
Publisher's description - “SSDlife is a small and intuitive SSD diagnostic tool that helps users obtain comprehensive information about their SSD drives and take timely action if any problems are detected.”
ssd-life.com
About 3% of users remove it
 

The file app3_install_french.exe has been seen being distributed by the following 5 URLs.
