» sophosclean_x64.exe
Overview
Analysis
File Details
Programs (1)
Downloads (3)

sophosclean_x64.exe

Sophos Clean

SurfRight B.V.

This is installed with Sophos Clean. The file has been seen being downloaded from dl-web.dropbox.com and multiple other hosts.

File name:

sophosclean_x64.exe

Publisher:

Sophos Limited (signed by SurfRight B.V.)

Product:

Sophos Clean

Description:

SophosClean

Version:

3, 7, 13, 262

MD5:

ea154bc56b3f52b4842014cae1d1bc83

SHA-1:

29e599fb19b7cf9534c8144e4e71899b0c18984f

SHA-256:

ec3b20009037efcaad0a161cb97b011998c1f1eb1c0ccd67eed8258b39c7ecb7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 8:48:45 AM UTC (today)

File size:

11.1 MB (11,619,360 bytes)

Product version:

3, 7, 13, 262

Original file name:

SophosClean.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\sophosclean_x64.exe

Digital Signature

Signed by:

SurfRight B.V.

Authority:

VeriSign, Inc.

Valid from:

1/7/2016 7:00:00 PM

Valid to:

2/3/2017 6:59:59 PM

Subject:

CN=SurfRight B.V., O=SurfRight B.V., L=Hengelo, S=Overijssel, C=NL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

62C8976F3B1E76427F2D7F26FBE61C21

File PE Metadata

Compilation timestamp:

4/22/2016 9:18:05 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:DTH07iNaKhGRIJ+ynH0euQ2aW/3TqE4DzhZ+a8rUYDu8WgzHigZe4SKVEB4:fU+NaKhGRIJ57X4Tczr8Pu8WgLiZKEB4

Entry address:

0x296C38

Entry point:

48, 83, EC, 28, E8, 6B, DC, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, 48, 85, C9, 75, 0A, 48, 8B, CA, E8, 52, AE, FF, FF, EB, 6A, 48, 85, D2, 75, 07, E8, 06, AE, FF, FF, EB, 5C, 48, 83, FA, E0, 77, 43, 48, 8B, 0D, C7, CD, 15, 00, B8, 01, 00, 00, 00, 48, 85, DB, 48, 0F, 44, D8, 4C, 8B, C7, 33, D2, 4C, 8B, CB, FF, 15, 55, 15, 04, 00, 48, 8B, F0, 48, 85, C0, 75, 6F, 39, 05, E7, D3, 15, 00, 74, 50, 48, 8B, CB, E8, 21... 
[+]

Entropy:

7.1589

Code size:

2.8 MB (2,974,720 bytes)

The file sophosclean_x64.exe has been discovered within the following program.

Sophos Clean by Sophos Limited

www.sophos.com

About 9% of users remove it

The file sophosclean_x64.exe has been seen being distributed by the following 3 URLs.

https://dl-web.dropbox.com/.../SophosClean_x64.exe

http://external.comss.ru/url.php?url=http://dl.comss.ru/.../SophosClean_x64.exe

https://secure2.sophos.com/.../DownloadRedirect.aspx?downloadKey=7a189ed6-038d-4c81-899d-67a105d42d00

Scan sophosclean_x64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.