RapidPCCleaner.exe

Rapid PC Cleaner

Programs Pipe

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RapidPCCleaner’.
Publisher:
Rapid Utilities  (signed by Programs Pipe)

Product:
Rapid PC Cleaner

Version:
1.0.5641.18433

MD5:
9cdd26e36653ab041c7f9f6ce23f2f5c

SHA-1:
f0012461eea8943927c481aade1ebb3ff2011891

SHA-256:
7d0427f092fd29eb273824bd378834d4f3e107063b14ec0c422e221f0a0e8d8a

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
1/15/2025 6:53:03 PM UTC

Scan engine | Detection | Engine version
Trend Micro House Call | Suspicious_GEN.F47V0616 | 7.2.179
VIPRE Antivirus | AdKnowledge | 41356

File size:
643.3 KB (658,776 bytes)

Product version:
1.0.5641.18433

Copyright:
Copyright © 2015

Original file name:
RapidPCCleaner.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\rapid utilities\rapidpccleaner\rapidpccleaner.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/6/2015 4:00:00 PM

Valid to:
1/7/2016 3:59:59 PM

Subject:
CN=Programs Pipe, O=Programs Pipe, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=MO, PostalCode=64112, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
42E07146024C2858623C47C5DB168B1A

File PE Metadata
Compilation timestamp:
6/12/2015 8:14:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:LHBCNMSVleLCqcOAzUAFG8FiVxAVlxTUEdLodoTOcbHP+Jndhg5:1gVllgmUoG2VlmEWdBcbwW

Entry address:
0x8F19E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, 40, 00...

Entropy:
5.5642

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
564.5 KB (578,048 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RapidPCCleaner

Command:
"C:\users\{user}\appdata\local\rapid utilities\rapidpccleaner\rapidpccleaner.exe" \min=true


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-us-west-2.amazonaws.com  (54.231.176.144:443)

TCP (HTTP):
Connects to ec2-54-235-192-40.compute-1.amazonaws.com  (54.235.192.40:80)
