» sparktrust pc cleaner plus setup_4c34d986-49f9-4329-9282-a0d692bc58af_.exe
Overview
Analysis
File Details
Downloads (22)

sparktrust pc cleaner plus setup_4c34d986-49f9-4329-9282-a0d692bc58af_.exe

SparkTrust Systems

The application sparktrust pc cleaner plus setup_4c34d986-49f9-4329-9282-a0d692bc58af_.exe, “SparkTrust PC Cleaner Plus Installer” by SparkTrust Systems has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from RevenueWire's affiliate distribution platform spark.sparktrust.revenuewire.net and multiple other hosts.

File name:

Publisher:

SparkTrust (signed by SparkTrust Systems)

Description:

SparkTrust PC Cleaner Plus Installer

Version:

3.3.18.0

MD5:

4f85521dea0bf8ac123e095a672ed417

SHA-1:

4e8dcca2ce45e4ab2c5f6d68e9f6cfca0778f8d6

SHA-256:

f56a00ddc6e04ee9bc9b6d2aa6c68ae0b4ec451ef81a83fcaf94807cbbf3e25d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

12/27/2024 2:27:07 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.SparkTrust (L)

16.11.11.0

File size:

10.9 MB (11,418,936 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\sparktrust pc cleaner plus setup_4c34d986-49f9-4329-9282-a0d692bc58af_.exe

Digital Signature

Signed by:

SparkTrust Systems

Authority:

DigiCert Inc

Valid from:

3/28/2016 5:00:00 PM

Valid to:

4/3/2017 5:00:00 AM

Subject:

CN=SparkTrust Systems, O=SparkTrust Systems, L=Victoria, S=British Columbia, C=CA, PostalCode=V8R 1J6, STREET=1839-A Fort St., SERIALNUMBER=FM0535136, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

066781E7E45D8F4E89554653E7588DC8

File PE Metadata

Compilation timestamp:

2/24/2012 11:19:59 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:HbHUT+viyxBR2QDllmreOb0vaK60rtja/wJkrYvyVKhI0MMnXR1S4r3J:HAT+aaRdD63GaK60r0/wsHVRJMBPbJ

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Entropy:

7.9994

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

The file sparktrust pc cleaner plus setup_4c34d986-49f9-4329-9282-a0d692bc58af_.exe has been seen being distributed by the following 22 URLs.

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=55ADB5C0-6838-479A-8077-D7E469C83671

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=DF4758AF-31F3-4098-96A3-392E5E2CBFEA

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=8C4B59C9-9FFB-40B2-BA5C-FEEE07CA56FA

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=2A6A8966-A5D9-4F84-ADD3-CA45FC3C6319

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=B36A6DE0-5597-4D9F-A099-0C80377F655D

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=8691054E-7B3F-415B-9ED0-8D1EA420E946

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=F926CCAB-9DA6-40CF-BDC3-74E6E6761059

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=17775824-B26F-4214-8F37-693BDA0DEBBD

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=DDC77FC6-E18D-44E2-97F9-F1B53D89A644

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=8B8AAD26-1D08-4ED1-896F-233A6A00F437

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=948D9186-9CE4-4F70-9673-59050FD0B1C2

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=675CF1E3-9592-4F5E-8758-CC9BEEC5D5C1

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=6B0CF4F5-A7C3-4BD9-A0B9-2D934F6356EF

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=73A4E5C9-B5F2-493D-92F6-13E537D1AF96

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=7B99A72F-5C9F-43AE-8A5E-517A1D632A42

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=8B64A496-7BBD-41AB-B250-AF01A8FE7C06

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=881355AB-4F15-4219-A3D4-4D9CBC294179

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=4220F65A-CE86-4ECE-9E72-D16C550FF589

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=8F4C208F-5FBC-4B87-A87A-55B53BA6B025

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=5B640626-EE5D-4C10-8CAE-3820BE6BFFBB

http://spark.sparktrust.revenuewire.net/.../download?rwp_tguid=D651F70F-2C70-469A-A1F0-FB368585F9FF

http://cdn.sparktrust.com/sparktrust/.../SparkTrust PC Cleaner Plus Setup.exe

Remove sparktrust pc cleaner plus setup_4c34d986-49f9-4329-9282-a0d692bc58af_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.