rchelper.exe

Registry Clean Expert

CleanMyPC Technology Limited

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Free Registry Defrag by iExpert Software and Registry Clean Expert by iExpert Software.
Publisher:
iExpert Software  (signed by CleanMyPC Technology Limited)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 9, 0, 0

MD5:
cf5b3062ed96ea4e5c0284e1585168c4

SHA-1:
a83a493e73f829c146ffee56f864f78766f87a4c

SHA-256:
b6080cf5dfe9dccd5f28ace8aefbbf3f7b5f945177d65ae62960b4bc9992159a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:26:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.11.4.6

File size:
591.3 KB (605,464 bytes)

Product version:
4, 9, 0, 0

Copyright:
Copyright (C) 2001-2012

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry clean expert\rchelper.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/28/2012 7:00:00 PM

Valid to:
3/29/2017 6:59:59 PM

Subject:
CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET="ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING", STREET=14 HING YIP STREET, STREET="KWUN TONG, KOWLOON", L=HONG KONG, S=NA, PostalCode=NA, C=HK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B22D5ED33A336918E76BE3A5C6CB25F1

File PE Metadata
Compilation timestamp:
11/1/2012 9:29:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:5/eKGsCfj1wwgOjF1yT+3PgjZ2So6b7MP+Dd21nw2lp:gn7iOjFkS3PgVh7MP+h21wIp

Entry address:
0x1000

Entry point:
68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 6F, B3, 23, 11, C9, 1B, 6E, 65, E3, 29, 0D, A6, 04, E0, FC, C2, FA, 7A, 0F, 21, 30, 86, 1A, 6E, 0F, A4, 9C, 70, F1, 1B, E4, 10, F9, B8, 65, 3D, 0D, AA, 06, 36, 5D, DB, 1F, B9, 53, 71, 8F, C4, 40, 52, E4, 20, 33, F9, B5, 42, 41, 34, 55, 8F, 2A, 59, 15, 16, 35, DC, 69, C0, 2A, D5, A6, 75, B3, 09, A4, B2, 5F, 8C, 8B, E5, 9B, 3A, 2A, B9, 7C, E5, 67, 68, B0, 12, 16, BD, D5, F9, 18, 68, D5, 94, 4B, E5, E7, 96, E6, 42, 70, D5, 52, 5E, 92, A6, 79, 81, 79, A9, 86, 53...
 
[+]

Entropy:
7.6235

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)

The file rchelper.exe has been discovered within the following programs.

Free Registry Defrag  by iExpert Software
Free Registry Defrag from iExpert Software is registry fixer utility whose purported purpose is to remove redundant items from the Windows registry.
www.registry-clean.net
49% remove it
Registry Clean Expert  by iExpert Software
This is a 'registry cleaner' that is supposed to clean or fix a PC by removing invalid registry settings.
50% remove it
 
Powered by Should I Remove It?

Remove rchelper.exe - Powered by Reason Core Security