rchelper.exe

Registry Clean Expert

CleanMyPC Software

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Software, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
iExpert Software  (signed by CleanMyPC Software)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 5, 3, 0

MD5:
5c538be9a8f7d279b8fec3af388cd7f4

SHA-1:
13796d3ae2f1f1b2aa40a3425faa45410650fce2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:41:57 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.11.14.9

File size:
585.2 KB (599,288 bytes)

Product version:
4, 5, 3, 0

Copyright:
Copyright (C) 2001-2007

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\registry clean expert\rchelper.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
3/30/2007 7:00:00 AM

Valid to:
3/30/2010 6:59:59 AM

Subject:
CN=CleanMyPC Software, O=CleanMyPC Software, STREET="Room 305, Building 01B, MuXuYuan Street 66#", L=NanJing, S=JiangSu, PostalCode=210007, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A8AC359D82019ABB29423B87491BA8C5

File PE Metadata
Compilation timestamp:
9/25/2007 6:32:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:PCwi6RdlxE5oGZ841o4+7yT+3PgjZ2SO6b7MP+Dd2Fb:PxFRdSTS+S3PgVH7MP+h2Fb

Entry address:
0x1000

Entry point:
68, 01, 60, 49, 00, E8, 01, 00, 00, 00, C3, C3, EF, 04, A9, 5B, 48, E3, C5, BB, 91, 82, AC, 69, 1A, B8, 42, A8, 85, 65, 25, CA, 49, 4B, 15, AE, 3E, 29, 31, C0, 01, 1B, CC, 36, 60, 59, D7, 0E, 31, 4F, A6, 33, 8E, E0, 69, B5, 3B, 19, 1B, 72, 8D, 1A, BC, BB, 82, 3E, E9, BF, EA, 5A, 4C, 80, 11, 54, FE, 14, A1, E6, 46, CB, 31, C6, F1, 37, 8E, 90, 2F, AD, 1C, A6, 88, 7B, 69, B4, E3, 1F, 98, B1, C8, A3, CB, 5F, B5, 21, 4B, E8, 1C, 63, 2E, 46, E3, 0D, 9F, 1E, 6C, 21, 8F, 88, 88, 7B, 45, 41, 0A, 64, 84, 81, 8C, 11...

Entropy:
7.5737

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)
