ccleaner_setup.exe

Pro Installer

Covus Pro GmbH

The application ccleaner_setup.exe by Covus Pro GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The installer is marketed through download protals and search ads as the free Piriform CCleaner but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
covus pro  (signed by Covus Pro GmbH)

Product:
Pro Installer

Version:
4.3.0.0

MD5:
2d93faca44f49444e7e697c478de941f

SHA-1:
deeca56500a612d33c1759a049b05425a69488e1

SHA-256:
d2830a090e3400be5dd194e014eb5d4ad7e4f137660be03d081fb618009ba640

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit, and Search Protect (ClientConnect).

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/5/2024 6:36:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus (M)
17.2.6.12

File size:
563.5 KB (577,064 bytes)

Product version:
4.3.0.0

Copyright:
Copyright © 2014

Original file name:
Multiproduct.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ccleaner_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2014 1:00:00 AM

Valid to:
2/6/2015 12:59:59 AM

Subject:
CN=Covus Pro GmbH, O=Covus Pro GmbH, STREET=Schwedter Str. 263, L=Berlin, S=Berlin, PostalCode=10119, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61A79175C602D4C6B8D777D3A741B75A

File PE Metadata
Compilation timestamp:
7/31/2014 5:44:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x648AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
394.5 KB (403,968 bytes)

Remove ccleaner_setup.exe - Powered by Reason Core Security