rcpsetup_r.exe

RegClean Pro

Systweak Software

This is part of the RegClean software (a PC registry cleaner) that may be installed through unwanted offers presented by a third-party installer. The application rcpsetup_r.exe by Systweak Software has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application, and it is typically installed with the program RegClean Pro by Systweak Inc. The file has been seen being downloaded from systweak.cleverbridge.com and multiple other hosts.
Publisher:
Systweak Inc   (signed by Systweak Software)

Product:
RegClean Pro

Version:
RegClean Pro

MD5:
e2b49b19988e857d3b2cb5eb73a95729

SHA-1:
10c12264f851de98407e7e514783b246ed348e11

SHA-256:
41b393e77d7d760357cd26bdc634a6d61e17ae2679ded5b640a24cc635525d16

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
While this is not malware, it is typically included with a bundled installation that might have been installed with minimal user consent and may present unwanted warnings and popups.

Analysis date:
11/23/2024 1:51:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Systweak.Installer.Meta (L)

Engine version:
16.6.9.19

File size:
4.8 MB (5,034,840 bytes)

Product version:
6.21

Copyright:
© Systweak Inc

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rcpsetup_r.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/12/2012 2:00:00 AM

Valid to:
10/13/2015 1:59:59 AM

Subject:
CN=Systweak Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Systweak Software, L=Jaipur, S=Rajasthan, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59F8D19475E75F9338DF32A94183402F

File PE Metadata
Compilation timestamp:
7/9/2012 3:41:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:8Pg8I4KqTXnEJVHA3omL9qF3jkR9QmQD9a+mZRQUkXKHdb8yz:0Bywn93oW9NQD9PqaXKHdII

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B8, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 56, EC, FF, FF, E8, FD, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, E8, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, D6, 41, 00, B2, 01...
 

Code size:
84 KB (86,016 bytes)

The file rcpsetup_r.exe has been discovered within the following program.

RegClean Pro  by Systweak Inc
Publisher's description - “Fix your slow PC, eliminate registry errors and improve your PC performance easily with RegClean Pro. RegClean Pro cleans such invalid registry errors using its advanced scan engine.”
www.systweak.com/RegCleanPro
57% remove it
 

The file rcpsetup_r.exe has been seen being distributed by the following 50 URLs.

http://systweak.cleverbridge.com/305/.../55657484-EkQscwCEYtY9Gv5ab1lO-1-2-1

http://systweak.cleverbridge.com/305/.../52859301-u50DmlwxAyb3KJCmGKA3-1-2-1

http://dl.cleverbridge.com/305/.../rcpsetup_r.exe

http://systweak.cleverbridge.com/305/.../55307395-dPyHJCPkK7YiIGA4Xrb3-1-2-1

Latest 30 of 61 download URLs
