dd03afffe9e93ee2c2daac51e39d2323.exe

SparkTrust Systems

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with SparkTrust PC Cleaner Plus. The file has been seen being downloaded from RevenueWire's affiliate distribution platform sparkdr.sparktrust.revenuewire.net and multiple other hosts.
Publisher:
SparkTrust  (signed by SparkTrust Systems)

Description:
SparkTrust PC Cleaner Plus Installer

Version:
3.1.9.0

MD5:
dd03afffe9e93ee2c2daac51e39d2323

SHA-1:
bf88949b9c9016d52895139cbfa57a5543fa3acc

SHA-256:
17c5be73fc5007a769d2f1794ecef413c9e15041b246de5f2e42d3153409295d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 1:45:36 PM UTC  (today)

File size:
5.6 MB (5,912,264 bytes)

Copyright:
Copyright © 2013 SparkTrust

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dd03afffe9e93ee2c2daac51e39d2323.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/4/2013 11:17:59 AM

Valid to:
4/4/2014 4:00:13 PM

Subject:
CN=SparkTrust Systems, O=SparkTrust Systems, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112188E80872CB93AAD5F8D9BA185623CFA1

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:1h0//DnwttJL3VPyz5K0YiwaHMj31QO587ATJ8xt1clSOPJ97O50N/YfA:8/bgJzVKE0YiwaHMjCqJ8zuSqVEA

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.9978

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file dd03afffe9e93ee2c2daac51e39d2323.exe has been discovered within the following program.

Publisher's description - “Optimize your computer, correct system errors and eliminate malware, correct system errors and optimize your computer. SparkTrust PC Cleaner Plus is an innovative new way to protect your PC and keep it running for optimal performance.”
www.sparktrust.com
58% remove it
 
Powered by Should I Remove It?

The file dd03afffe9e93ee2c2daac51e39d2323.exe has been seen being distributed by the following 50 URLs.

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=1279FEF8-B67C-4273-94D9-41FFA5732FB9

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=B7550422-1E36-4673-97B2-63958888817A

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=833D9A0F-AE2A-4B5B-9E68-D8D649D84019

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=7FC4F992-CEAF-49D7-9A27-E814E52BC3C9

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=9C074CA8-6A28-4065-888B-5F92D5F1FEDC

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=BF3396A1-DDDD-49B4-9EDF-F8E1F22C589A

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=3B5C8496-0D10-4453-BDC5-0B9195BCB507

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=35E8284F-4668-400F-A330-16630A5CC722

http://sparkdr.sparktrust.revenuewire.net/stpcclpro/.../?rwp_tguid=800F79F9-727A-4B17-ACC2-6E168DA26CC7

Latest 30 of 61 download URLs

Scan dd03afffe9e93ee2c2daac51e39d2323.exe - Powered by Reason Core Security