pcclean.exe

Kemeda

The executable pcclean.exe has been detected as malware by 29 anti-virus scanners. It runs as a scheduled task named PCclean under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
Kemeda  (signed and verified)

Version:
1.0.0.0

MD5:
6578e231ee6263eebe724e8a45a975cc

SHA-1:
b5d1e4bb8fb7252b727a738740172ffc9bfc815a

SHA-256:
5ee223cacf8e7b549f71605f20994f1ef045a2c9c6be5a269606521264b51c29

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
12/28/2024 3:59:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2862161 | 361 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.MSIL.223106 | 8.3.2.4 |
| avast! | Win32:Malware-gen | 2014.9-160208 |
| AVG | MSIL9 | 2017.0.2839 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.1628 |
| Bitdefender | Trojan.GenericKD.2862161 | 1.0.20.195 |
| Comodo Security | UnclassifiedMalware | 23782 |
| Dr.Web | Trojan.PWS.Siggen1.43791 | 9.0.1.039 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2862161 | 8.16.02.08.06 |
| ESET NOD32 | MSIL/Injector.MIX (variant) | 10.12737 |
| Fortinet FortiGate | W32/Agent.ABJAN!tr | 2/8/2016 |
| F-Secure | Trojan.GenericKD.2862161 | 11.2016-08-02_2 |
| G Data | Trojan.GenericKD.2862161 | 16.2.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18131 |
| Kaspersky | Trojan.MSIL.Agent | 14.0.0.691 |
| McAfee | RDN/Generic.dx | 5600.6495 |
| Microsoft Security Essentials | VirTool:MSIL/Injector.HG | 1.1.12400.0 |
| MicroWorld eScan | Trojan.GenericKD.2862161 | 17.0.0.117 |
| NANO AntiVirus | Trojan.Win32.Agent.dyprys | 1.0.10.5081 |
| nProtect | Trojan.GenericKD.2862161 | 15.12.17.01 |
| Panda Antivirus | Trj/CI.A | 16.02.08.06 |
| Quick Heal | Trojan.Inject.r3 | 2.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16206 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R00GC0EKF15 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45892 |
| ViRobot | Trojan.Win32.Z.Injector.446440[h] | 2014.3.20.0 |

File size:
436 KB (446,440 bytes)

Product version:
1.0.0.0

Original file name:
torax.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\pcclean.exe

Digital Signature
Signed by:

Authority:
Kemeda

Valid from:
10/21/2015 11:07:25 PM

Valid to:
10/21/2016 11:07:25 PM

Subject:
CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK

Issuer:
CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK

Serial number:
008C6590B70633A028

File PE Metadata
Compilation timestamp:
11/9/2015 8:36:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:RgWfbUqOTU9NDfahH7Z4wCfBdFj6ntwNalG6iA3C3wdrFm:eWD5LLTalKXBdFG7c6LXrFm

Entry address:
0x6DF3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0876

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
432 KB (442,368 bytes)

Scheduled Task
Task name:
PCclean

Path:
\Update\PCclean

Trigger:
Logon (Runs on logon)

