duplicatecleaner3_setup.exe

Duplicate Cleaner Pro

Digital Volcano software Ltd

The application duplicatecleaner3_setup.exe, “Duplicate Cleaner Pro Edition Setup” by Digital Volcano software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Toolwiz Time Freeze 2014 by ToolWiz. The file has been seen being downloaded from 188.138.70.225 and multiple other hosts.
Publisher:
DigitalVolcano Software Ltd  (signed by Digital Volcano software Ltd)

Product:
Duplicate Cleaner Pro

Description:
Duplicate Cleaner Pro Edition Setup

Version:
3.2.6

MD5:
448ff9e11b4d9c99550ddbac5c8696d2

SHA-1:
c6c268c35f2d9b706ae0e19e7a9d7c10de16c668

SHA-256:
20bef3a87febfbd77f0a01ed51b5829e165f69f9756ce34540fc46f8fb38dcbc

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:54:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer
15.1.19.10

Trend Micro House Call
TROJ_GEN.F47V0929
7.2.19

File size:
7.9 MB (8,310,512 bytes)

Copyright:
(c)2015 DigitalVolcano Software

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\d3plicatecl3aner3.2.6\duplicatecleaner3_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/6/2013 1:00:00 AM

Valid to:
3/6/2016 12:59:59 AM

Subject:
CN=Digital Volcano software Ltd, O=Digital Volcano software Ltd, STREET=6 Uplands Road, STREET=Oadby, L=Leicester, S=Leicestershire, PostalCode=LE24NS, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0087778AAC8AFDF690B56AB0A56F946387

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:i6eEaClVC/uONpVGTYOfq6XcsYRWFM7xXEQT8eBU47z:i6SoViuONrGBCG7YkF+Tna4H

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file duplicatecleaner3_setup.exe has been discovered within the following program.

www.Toolwiz.com
About 1% of users remove it
 
Powered by Should I Remove It?

The file duplicatecleaner3_setup.exe has been seen being distributed by the following 3 URLs.

http://188.138.70.225/.../DuplicateCleaner3_setup.exe

Remove duplicatecleaner3_setup.exe - Powered by Reason Core Security