phoneclean-setup.exe

PhoneClean

iMobie Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.commix.ru and multiple other hosts.
Publisher:
iMobie Inc.  (signed and verified)

Product:
PhoneClean

Version:
${PRODUCT_VERSION}

MD5:
83b0659da4e2ced5b58c4c811dbb7128

SHA-1:
d5f59501dfbbcc7cdf45a7418394126a6cac224e

SHA-256:
c48afd15fc7c4f35b4258a912cc0dc04cd97af94d46aea39c4efa332173f04e0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 6:24:49 AM UTC  (today)

File size:
1 MB (1,090,768 bytes)

Product version:
4.0.5.0

Copyright:
Copyright (C) iMobie Inc. All rights reserved

Trademarks:
iMobie Inc. All rights reserved

Original file name:
phoneclean-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\phoneclean-setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/31/2016 7:00:00 PM

Valid to:
10/14/2016 6:59:59 PM

Subject:
CN=iMobie Inc., OU=IT, O=iMobie Inc., L=ChengDu, S=Sichuan, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7584FF49D7A755C0224B4B4D473169E2

File PE Metadata
Compilation timestamp:
4/10/2010 7:19:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:/zZy/zy0emdb9kQrLn/acw8l8uLuzpmiRT8la3fZ:/U2XaJ7XwBouzpx1Z

Entry address:
0x3415

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
26 KB (26,624 bytes)

The file phoneclean-setup.exe has been seen being distributed by the following 22 URLs.

http://www.commix.ru/goto/http://www.imobie.com/.../phoneclean-setup.exe

http://dlgbit.winfuture.de/676c54a6336ab1d9ed747761662ce26f/56feed79/software/PhoneClean/.../phoneclean-setup.exe

http://dw.uptodown.com/dwn/xojEm2zonAoQarFzAh_pPq6WSTKhFPzxmHTrixzRWr6MXLbzFDmMvRZe8scDkJozOnturYS9Zdk19uMMzWunGyf_zKnip91yNOxXfO1iK_UC0ar8W1hSmxKIkCN7AOil/3VLClIx0ZuE0W-PPYc1rIdRSpJNClRKiq6SGSOfeWkRC7aF9XUpuCjTg6itzYC9oaBTZqpdBFjYCLbNwJfRAzzrrkr_pVXsXbFs3GMz0IsohKSF0xWflUZDntX5VinKC/.../

http://dw.uptodown.com/dwn/fP3J55YvXufylxqv9DL_mfW5PlKrqugkSEVc5u3p5iOyXI9wjV2l4Wn2mtMja-wRfadOinAfOwvCQfcQkxNpVhIV3_2N4e8PC8--Je6UEWMmk3AzophzsbmePaxMm30O/Pzn2cuprTONBzkYm_TGusrPrF-ckZmAFyYjpiivujHTd1oGkc9CPHWvH2vLEfaY643I7YA_2h2BUaucuep21q2WRval1P9SaZmOOUBs42wgDiiVu6tEs_NpDK3nuQiZz/.../

https://dw.uptodown.com/dwn/mk6-whR86SIRW5R8LkSVAzr7-L78KY7XieNU50SRMe_FlLINcG7bc7HndYaCR0ChdDDmRs8jMY5CvA4GxX5ZoMMslIeD8sYWkKFHI3jYO58MnNkv_NOC1VY9pPmtPRzY/vHWVttEYTXBgSHpW2i8iC5jOIE5hQhsukbPO5MQtenXWetZof1PMWwCQfgGxjtrtdB6csijh6kQLqVfr__LJT1XSZXgC9p6qJwqZ61yuBtVDghAY5qivMiS9bAt4UUUE/MLddJJJGJqoej8v0cBTWcpVn_1718WhROQDoYmslFX35Vccxt85KUJRCKY-PYsPIhJiQPFTuw7EIHKKZgyLFJGhp0QSdNzGcqPONd3vjSDlSbtk-YtHO98XQMbcFIIpO/.../

https://dw.uptodown.com/dwn/8AjqMEeT0GJYUgygHfTiFFw3zzjlpCxtsFoYkf1wP4n4rgNgzC8JioE0PbetezT8CEIsI3GEn76TAizISsBNifdx0hyQgtg8KVShrrwwUeFwH3WF4irgRa9aN3zecKJv/-pOO5f6mxyA23fcivsaofA8wivYw0P2NqsHogQorQZ7-Z6lQ541hhnaSmKHnNXa3W_R1gQL5V6cBO1o9PnJGqSyt3XfDmiRcXTUkBgOAVZlPe8oTgn4fYAewWP3Ykfbw/tKo0wPfhdl0wvXPBuASM_LgymKdxuRZ5hnIPFQe4Qv-E_p7L_BNlMaklt3YYjt1YvuvOoeQJzzvaZ3G90yf5BPSGuzs96BnQL05nwdzopGFUZR6LQBtlvMsp9Z2n1cYt/.../

https://secure.avangate.com/affiliate.php?ACCOUNT=KONGXIAN&AFFILIATE=11859&AFFSRC=ilczucnyse012ba600xgc&PATH=http://www.imobie.com/.../phoneclean-setup.exe

http://www.techtudo.com.br/_/software/.../download

http://phoneclean.it.softonic.com/download-tracker?th=1/.../dB3oW8S7LNhHFe5e1EyouldgX567v672NfSuQ=

Scan phoneclean-setup.exe - Powered by Reason Core Security