security_cleaner.exe

Source Medical Solutions Inc.

The application security_cleaner.exe by Source Medical Solutions has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from lademdsck.myvnc.com.
Publisher:
Source Medical Solutions Inc.  (signed and verified)

MD5:
9076ba690ae9e358f258b897b56d2f30

SHA-1:
67e5cb1d81a0e726c506461a4ad3c26c3f81229c

SHA-256:
5d8ec11aa6a0a78a69c512fea53af2e7bd34e2d96ee3738ef6be8f19d5229ff3

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
1/14/2025 10:43:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Crypt-QCB [Trj] | 160216-0 |
| Dr.Web | Trojan.Winlock.9260 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.277458 | 11.5.0.6191 |
| ESET NOD32 | Win32/Kryptik.BMZM trojan | 8.0.319.0 |
| F-Secure | Variant.Adware.Kazy | 5.15.21 |
| Kaspersky | Trojan-FakeAV.Win32.SmartFortress2012 | 15.0.0.562 |
| McAfee | Trojan.FakeAlert-FSE!9076BA690AE9 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.215.2524.0 |
| Norman | Gen:Variant.Adware.Kazy.277458 | 29.02.2016 03:11:57 |

File size:
515.6 KB (528,024 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\security_cleaner.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/24/2013 4:00:00 PM

Valid to:
3/26/2014 4:59:59 PM

Subject:
CN=Source Medical Solutions Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Source Medical Solutions Inc., L=Birmingham, S=Alabama, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6260A35CA2ED3B8CB8F2DEAB4740EB36

File PE Metadata
Compilation timestamp:
10/19/2013 10:59:00 AM

OS version:
5.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
3.1

CTPH (ssdeep):
12288:Ye6+1aFSTuFYxPJ7wHbl1Y/UHR8VQpbuMD28O5IzuIRsjhX6AG:Yet1oSiihJ7wHY/UyabRD2H5KmC

Entry address:
0x1000

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 21, B8, 01, 4C, 74, C0, 03, 38, E3, 65, 20, 00, C1, 92, 3C, 61, 65, B4, DB, A9, 6A, 03, B0, B7, 64, 6A, 4E, 24, 9E, BD, 71, 40, 8A, 51, 1A, 89, B4, 3B, F8, A3, 62, BE, D6, 8C, 26, C9, 1B, E4, 21, 70, 82, 8E, A7, CF, 93, F8...
 

Entropy:
7.9742  (probably packed)

Code size:
20 KB (20,480 bytes)

The file security_cleaner.exe has been seen being distributed by the following URL.

Remove security_cleaner.exe - Powered by Reason Core Security