security_cleaner.exe

The executable security_cleaner.exe has been detected as malware by 5 anti-virus scanners. The file has been observed being downloaded from oiqtuqdi.servebeer.com.

MD5: 82c8377c7d846a84f5a0f7c3923d635b
SHA-1: ac6cb0701b9cd35c00ad0520a36e720bfa4e64c7
SHA-256: c306683493a6b4e0c9b28d1af179e975e19109c30a9b7ba2dedd02e00d710d27
Scanner detections: 5 / 68
Status: Malware
Analysis date: 12/28/2024 2:11:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Fortinet FortiGate | W32/AutoRun.WEU!worm | 1/13/2016 |
| Kaspersky | Trojan-FakeAV.Win32.CProtection | 14.0.0.825 |
| McAfee | PWS-Zbot.gen.ary | 5600.6522 |
| Microsoft Security Essentials | Rogue:Win32/FakeRean | 1.163.1557.0 |
| Panda Antivirus | Suspicious file | 16.01.13.01 |

File size: 234 KB (239,616 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\security_cleaner.exe

File PE Metadata

Compilation timestamp: 12/21/2012 1:21:11 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 14.14
CTPH (ssdeep): 6144:eSAIwYX1lSyE7Un4BNrOMXDuZMPCUkTgsbJwX9:uYFUM46MSWdkTpbJwX9
Entry address: 0x411B

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 38, 02, 00, 00, 53, 56, 6A, 78, 58, 68, 44, C4, 41, 00, 68, 5C, C4, 41, 00, 66, A3, C8, C3, 41, 00, FF, 15, F4, B9, 43, 00, 66, 8B, 44, 24, 46, 6A, 10, 68, 78, C4, 41, 00, 68, 48, C6, 41, 00, 66, A3, CA, C3, 41, 00, FF, 15, FC, B9, 43, 00, 8D, 44, 24, 34, 89, 44, 24, 24, 8D, 45, 04, 50, E8, 8E, 01, 00, 00, A3, DC, C3, 41, 00, A1, DC, C3, 41, 00, 8B, 40, 04, A3, D0, C3, 41, 00, A1, DC, C3, 41, 00, 8B, 40, 08, A3, D4, C3, 41, 00, A1, DC, C3, 41, 00, 8B, 40, 0C, A3, D8, C3, 41...

Entropy: 7.2001
Developed / compiled with: Microsoft Visual C++
Code size: 107 KB (109,568 bytes)

The file security_cleaner.exe has been seen being distributed by the following URL.
