rcpsetup_15294.exe

RegClean Pro

Systweak Inc

The application rcpsetup_15294.exe by Systweak Inc has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program RegClean Pro by Systweak Inc. The file has been observed being downloaded from cdn1.file.org.
Publisher:
Systweak Inc (signed by Systweak Inc)

Product:
RegClean Pro

Version:
RegClean Pro

MD5:
77fa32e233059dd9a80ddddc0635779e

SHA-1:
8cef90647c1cec09ebae83b629ec3a3837a9413b

SHA-256:
640dcae77f2b245121aed9a5f05f5d9c57a62967a78ff574ae5de16c7aa148f7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 1:17:55 AM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Systweak.Installer.Meta (L)
16.6.11.0

File size:
4.2 MB (4,451,712 bytes)

Product version:
6.21

Copyright:
© Systweak Inc

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rcpsetup_15294.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/8/2010 7:00:00 PM

Valid to:
3/10/2013 7:59:59 PM

Subject:
CN=Systweak Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Systweak Inc, L=JAIPUR, S=Rajasthan, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F57407B1F0C3DF506BB71A0E3F0EFD2

File PE Metadata
Compilation timestamp:
10/30/2010 4:54:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:4Lhq6Ragee4JhsEDRIYyi5dYMh6MZ3kjH8sL944veACeUq51kZS0:4LA6RaxHJ6gRii5dYMsJ7pbepeUqf85

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.9202

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file rcpsetup_15294.exe has been discovered within the following program.

RegClean Pro by Systweak Inc
Publisher's description - “Fix your slow PC, eliminate registry errors and improve your PC performance easily with RegClean Pro. RegClean Pro cleans such invalid registry errors using its advanced scan engine.”
www.systweak.com/RegCleanPro
57% remove it
 

The file rcpsetup_15294.exe has been seen being distributed by the following URL.
