home

ClearLNK.exe

ClearLNK

Alex Dragokas

This is a setup program which is used to install the application. The file has been seen being downloaded from toolslib.net.
Publisher:
Alex Dragokas  (signed and verified)

Product:
ClearLNK

Description:
Программа для лечения ярлыков, вследствие заражения системы Adware и другим вредоносным ПО.

Version:
2.09.0009

MD5:
52601cf5bc668a33e5627bc779104a4c

SHA-1:
5cc6b3091193c6f16e040c8334618253a45caef7

SHA-256:
935c5a094bc10bd88da7e646735efceaec944011d1f9db97596ab8c18337bda1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 4:51:16 AM UTC  (today)

File size:
440 KB (450,584 bytes)

Product version:
2.09.0009

Copyright:
Alex Dragokas

Trademarks:
Alex Dragokas

Original file name:
ClearLNK.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\clearlnk.exe

Digital Signature
Signed by:
Alex Dragokas

Authority:
Alex Dragokas

Valid from:
6/30/2014 11:59:42 PM

Valid to:
1/1/2040 1:59:59 AM

Subject:
CN=Alex Dragokas

Issuer:
CN=Alex Dragokas

Serial number:
F4DBDD6E9C3591AC4A5C39E95A82536F

File PE Metadata
Compilation timestamp:
10/25/2016 11:06:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:tGp8u0Ode65jWxhm7eIyHf50DQ5HtoUCcoD5StXqKIWZ+Pg4K4KuZLiqveaf:FiHeIyHfiUHKb6qKIpPgNqveaf

Entry address:
0x66D8

Entry point:
68, E0, C6, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, A0, 00, 00, 00, 40, 00, 00, 00, CF, 88, 89, 31, EE, F5, AA, 45, 9D, 70, 7A, 86, CB, 80, 53, 8D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 20, 57, 69, 64, 74, 43, 6C, 65, 61, 72, 4C, 4E, 4B, 00, 20, 20, 20, 3D, 20, 20, 20, CF, F0, EE, E3, F0, E0, EC, EC, E0, 20, E4, EB, FF, 20, EB, E5, F7, E5, ED, E8, FF, 20, FF, F0, EB, FB, EA, EE, E2, 2C, 20, E2, F1, EB, E5, E4, F1, F2, E2, E8, E5, 20, E7, E0, F0, E0, E6, E5, ED, E8, FF, 20...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
352 KB (360,448 bytes)

The file ClearLNK.exe has been seen being distributed by the following URL.

https://toolslib.net/downloads/finish/81/get/.../

Scan ClearLNK.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.