security_cleaner.exe

The application security_cleaner.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from xfbozxb.bounceme.net.

MD5:
55564a945f70a9dc3bc70ffbf4a0b0c7

SHA-1:
77f4495c95777dacf23435ae35b5503a888ce3d3

SHA-256:
0c28849616e9a03cbaec1e8ad68b214797a6a5d9d433c14cf4a2987d77d6e0a6

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 9:09:10 PM UTC

Scan engine                    Detection                                     Engine version
avast!                         Win32:FakeAV-FAS [Cryp]                       160126-1
Dr.Web                         Trojan.Fakealert.37412                        9.0.1.05190
ESET NOD32                     Win32/Adware.SystemSecurity.AL application    7.0.302.0
Kaspersky                      Trojan-Ransom.Win32.Blocker                   15.0.0.562
McAfee                         Trojan.Ransom-FMP!55564A945F70                18.0.204.0
Microsoft Security Essentials  Threat.Undefined                              1.213.6155.0
Norman                         Gen:Variant.Adware.Kazy.195641                03.02.2016 07:38:05
Sophos                         Virus 'Troj/Agent-ACMK'                       5.23
VIPRE Antivirus                Threat.4784070                                47174

File size:
386.5 KB (395,776 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\security_cleaner.exe

File PE Metadata
Compilation timestamp:
6/29/2013 11:10:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:KQD11v/igsoa2nrsH9yqpCx/aLA5CMJAz3YiIBn85DyIZowfd3ECLn3aIehSGy:bFvDhrsdy2ClIYpBn8dZbf3T3Pl

Entry address:
0x1000

Entry point:
E8, 05, 00, 00, 00, DC, D6, 6F, DB, A3, 90, 90, 90, 90, 90, 90, 90, 90, 85, C0, 75, 11, 83, F8, 00, 90, 90, 90, 90, 74, 17, 00, 00, 00, 00, 00, 00, 90, 90, 83, F9, 00, 74, 0A, DC, D6, 6F, DB, A3, E9, 7F, 01, 00, 00, 8B, 44, 24, D4, 83, F8, 00, 74, 12, 3D, 08, 04, 00, 00, 74, 0B, 00, 00, 00, 00, 00, CC, E9, 64, 01, 00, 00, 8B, EC, 83, EC, 40, BE, 00, 30, 40, 00, FF, 35, 34, 20, 40, 00, 68, 08, 02, 00, 00, 56, FF, 54, 24, 08, B9, 2C, 00, 00, 00, 56, 5A, 03, D0, 03, D1, BB, CC, 11, 40, 00, 03, D9, 83, EB, 01...
 

Entropy:
7.9776  (probably packed)

Code size:
512 Bytes (512 bytes)

The file security_cleaner.exe has been seen being distributed by the following URL.
