propccleaner.exe

Pro PC Cleaner

Rainmaker Software Group LLC

The application propccleaner.exe, described as “This installer database contains the logic and data required to install Pro PC Cleaner.” by Rainmaker Software Group, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.propccleaner.com and multiple other hosts.
Publisher:
Rainmaker Software Group LLC. (signed by Rainmaker Software Group LLC)

Product:
Pro PC Cleaner

Description:
This installer database contains the logic and data required to install Pro PC Cleaner.

Version:
2.5.9

MD5:
5e27a8e5e52546871113acf4ec0bc375

SHA-1:
0c61d25682859b4e13eb272fb7ad3dc634b021d3

SHA-256:
f455fd023db4743b5b5e4a66c2686277bd09107f29641d8085329d67c051b183

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:41:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Rainmaker.Installer.Meta (L)

Engine version:
16.6.13.20

File size:
6.3 MB (6,624,520 bytes)

Product version:
2.5.9

Copyright:
Copyright (C) 2014 Rainmaker Software Group LLC.

Original file name:
ProPCCleanerSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\propccleaner.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/7/2014 7:00:00 PM

Valid to:
12/12/2014 5:59:59 PM

Subject:
CN=Rainmaker Software Group LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rainmaker Software Group LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45DB761CA84D4C4468213FBE70DB0BA9

File PE Metadata
Compilation timestamp:
10/7/2014 10:05:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:ouQK58Jav2LxSxLP71Xna4rrMN9JojsQd7f:F58JavW0taoIJ3Q1

Entry address:
0xC87EC

Entry point:
E8, 4A, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5D, 4D, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C5, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 39, 4D, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A1, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0A, 4D, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 

Entropy:
7.7861  (probably packed)

Code size:
1021.5 KB (1,046,016 bytes)

The file propccleaner.exe has been seen being distributed by the following 3 URLs.
