ccleaner64.exe

CCleaner

Piriform Ltd

ccleaner64.exe is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘CCleaner Monitoring’. It is installed with multiple programs, including CCleaner. The file has been seen being downloaded from techsupport.helpdesknational.com.
Publisher:
Piriform Ltd (signed and verified)

Product:
CCleaner

Version:
5, 12, 00, 5431

MD5:
40335c8877b6b84842af03a40e1bb206

SHA-1:
0bf82a358628ab04c83fc10cc7a5f319f0812ae4

SHA-256:
33433ed8961b1aeebd30f8dd53a541c711c403d019f1074406ff9c9d1e9f4113

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 10:26:26 AM UTC  (today)

File size:
8.2 MB (8,591,272 bytes)

Product version:
5, 12, 00, 5431

Copyright:
Copyright © 2005-2015 Piriform Ltd

Original file name:
ccleaner.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ccleaner\ccleaner64.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
8/11/2015 8:00:00 PM

Valid to:
10/10/2018 7:59:59 PM

Subject:
CN=Piriform Ltd, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4B48B27C8224FE37B17A6A2ED7A81C9F

File PE Metadata
Compilation timestamp:
11/16/2015 11:06:46 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:GCzqhp7LREukIiogMLtcore/jPLOqlajvB:GCeKRmcnjdla1

Entry address:
0xFEAC0

Entry point:
48, 83, EC, 28, E8, 73, 02, 01, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 85, C9, 0F, 84, 9C, 00, 00, 00, 53, 48, 83, EC, 20, 48, 8B, D9, B9, 0D, 00, 00, 00, E8, C1, F4, 00, 00, 90, 48, 8B, 4B, 08, 48, 85, C9, 74, 1B, F0, FF, 09, 75, 16, 48, 8B, 4B, 08, 48, 8D, 05, 97, 82, 49, 00, 48, 3B, C8, 74, 06, E8, 89, CD, FF, FF, 90, B9, 0D, 00, 00, 00, E8, 92, F3, 00, 00, 48, 83, 3B, 00, 74, 3C, B9, 0C, 00, 00, 00, E8, 82, F4, 00, 00, 90, 48, 8B, 0B, E8, 9D, AC, 00, 00, 48, 8B, 0B, 48, 85, C9, 74, 17, 83...
 

Entropy:
6.2863

Code size:
4.1 MB (4,254,720 bytes)

2 Scheduled Tasks
Task name:
CCleaner Monitoring

Path:
\DelayedItemsByChemtableSoftware\CCleaner Monitoring

Trigger:
Logon (Runs on logon)

Task name:
CCleanerSkipUAC


2 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CCleaner Monitoring

Command:
"C:\Program Files\ccleaner\ccleaner64.exe" \monitor

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CCleaner

Command:
"C:\Program Files\ccleaner\ccleaner64.exe" \auto


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CCleaner Monitoring

Command:
"C:\Program Files\ccleaner\ccleaner64.exe" \monitor


The file ccleaner64.exe has been discovered within the following programs.

CCleaner by Piriform
CCleaner, developed by Piriform, is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer.
www.piriform.com/ccleaner
3% remove it

Ignite by AIR Music Technology
Publisher's description - “Featuring the new MIDI Learn Mode, Ignite lets you write, record, and produce music with your favorite keyboard controller. Ignite features Smart MIDI technology to help jump-start your ideas and enhance your music-making skills.”
www.airmusictech.com/product/ignite
About 6% of users remove it
 

The file ccleaner64.exe has been seen being distributed by the following URL.
