regclean.exe

RegClean

The application regclean.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
RegClean

Product:
RegClean

Version:
4.0

MD5:
43507f6b14e90d13b423fe0915d5ee1f

SHA-1:
06dfb4acac966bd579f9be9a9d3e89c77ef9e06b

SHA-256:
542b4e3ee38b0fa60c6aa0ce786e2958dc3d25664c09625abcc51946e43d8e1b

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 1:55:07 AM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Adware.Dropper.J                      1007
AhnLab V3 Security      PUP/Win32.Babylon                     2014.02.20
Baidu Antivirus         Trojan.Win32.OutBrowse                4.0.3.1453
Bitdefender             Adware.Dropper.J                      1.0.20.615
Bkav FE                 W32.Clodd13.Trojan                    1.3.0.4924
Dr.Web                  Trojan.DownLoader10.36046             9.0.1.0123
Emsisoft Anti-Malware   Adware.Dropper                        8.14.05.03.08
ESET NOD32              Win32/OutBrowse                       8.9446
G Data                  Adware.Dropper                        14.5.24
IKARUS anti.virus       AdWare.Dropper                        t3scan.2.2.29
K7 AntiVirus            Trojan                                13.176.11210
McAfee                  Artemis!43507F6B14E9                  5600.7141
MicroWorld eScan        Adware.Dropper.J                      15.0.0.369
nProtect                Adware.Dropper.J                      14.02.19.01
Sophos                  Registry Cleaner                      4.97
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h  3.12.24.3

File size:
4.2 MB (4,361,549 bytes)

Copyright:
© RegClean

Trademarks:
RegClean

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\regclean.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:utCHt7oM9bdmv0s8vVRg4fnxowr5AVhNccSQxEmajkpckGbJAox:4CHxbbdlsqIzhNczQFgku

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file regclean.exe has been seen being distributed by the following URL.

Remove regclean.exe - Powered by Reason Core Security