» turbocleanpc@clk=acbt61ls0ggadtoaduff2oqurb9osjtoujeohl__f5foagaaaaa.exe
Overview
Analysis
File Details
Downloads (277)

turbocleanpc@clk=acbt61ls0ggadtoaduff2oqurb9osjtoujeohl__f5foagaaaaa.exe

Turbo Clean PC

Rainmaker Software Group, LLC

The application turbocleanpc@clk=acbt61ls0ggadtoaduff2oqurb9osjtoujeohl__f5foagaaaaa.exe by Rainmaker Software Group has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from windows.clean-my-pc.org and multiple other hosts.

File name:

Publisher:

Rainmaker Software Group LLC (signed by Rainmaker Software Group, LLC)

Product:

Turbo Clean PC

Version:

4.1

MD5:

41a21c0d978d294a0cc6fe5f45b6d43e

SHA-1:

b281ede4db53a0ef965d3320b748896ace181af6

SHA-256:

42d1d3a67cb99297a34ec94383b89e388c2a7cf1215822ccda7cee2951033510

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 10:32:15 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Rainmaker.Installer.Meta (L)

16.6.13.20

File size:

1.5 MB (1,625,128 bytes)

Product version:

4.1

Rainmaker Software Group LLC

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\turbocleanpc@clk=acbt61ls0ggadtoaduff2oqurb9osjtoujeohl__f5foagaaaaa.exe

Digital Signature

Signed by:

Rainmaker Software Group, LLC

Authority:

Symantec Corporation

Valid from:

7/27/2015 5:00:00 PM

Valid to:

7/27/2016 4:59:59 PM

Subject:

CN="Rainmaker Software Group, LLC", O="Rainmaker Software Group, LLC", L=Wilmington, S=Delaware, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

1A8C64EAAEC0D059B1F73CD6A286B81D

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:ca8gphtehE4VGGbm3F1PQIDNtbcinXBgh:R8gphMhXVGj3vJ3Rgh

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Entropy:

7.9915

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file turbocleanpc@clk=acbt61ls0ggadtoaduff2oqurb9osjtoujeohl__f5foagaaaaa.exe has been seen being distributed by the following 50 URLs.

http://windows.clean-my-pc.org/tcp-lp-t1?AMIXu0Tw0ggADToA4FTVOvzB_HBnQ5KhWj8RBx7qns8fAQAAAAA&rwp_campaignid=79362&rwp_clk=AMIXu0Tw0ggADToA4FTVOvzB_HBnQ5KhWj8RBx7qns8fAQAAAAA&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?AMpeTZwR0wgADToAw_UIavTrKEOLTp6lOcB8BtrEr9M3BgAAAAAHAAE&rwp_campaignid=100911&rwp_clk=AMpeTZwR0wgADToAw_UIavTrKEOLTp6lOcB8BtrEr9M3BgAAAAAHAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?ABgcv40b0wgADToAyuTMhOC-r8jeT6PvU1zs5d78V4wCAAAAAAAJAAE&rwp_campaignid=83348&rwp_clk=ABgcv40b0wgADToAyuTMhOC-r8jeT6PvU1zs5d78V4wCAAAAAAAJAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?ANL5u_cr0wgAA_-G98jQvpecgjZOTqUYKxhuHFq6k61JAAAAAAADAAE&rwp_campaignid=83342&rwp_clk=ANL5u_cr0wgAA_-G98jQvpecgjZOTqUYKxhuHFq6k61JAAAAAAADAAE&rwp_al=g0gle&rwp_lpid=2

http://clean-my-pc.org/tcp-t1?ANBBJ4rZ0ggADToA0sXOKY7xkaP0SobyMa_zA-YjFuazAAAAAAA&rwp_campaignid=54203&rwp_clk=ANBBJ4rZ0ggADToA0sXOKY7xkaP0SobyMa_zA-YjFuazAAAAAAA

http://my-pc-cleaner.org/tcp-t1?AAAnmjoK0wgADToAyQ4UoAdrmu9SRKQgejmnfeh6ke7pAQAAAAAHAAE&rwp_campaignid=100915&rwp_clk=AAAnmjoK0wgADToAyQ4UoAdrmu9SRKQgejmnfeh6ke7pAQAAAAAHAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?APCoZyA_0wgAA_-G9-WVo21PGgSURZONJT5Gf-bBzqWUAQAAAAAAAAE&rwp_campaignid=100915&rwp_clk=APCoZyA_0wgAA_-G9-WVo21PGgSURZONJT5Gf-bBzqWUAQAAAAAAAAE&rwp_al=g0gle&rwp_lpid=1

http://clean-my-pc.org/tcp-t1?AJh58Br40ggADToA5xZgJOWK-omOT4JTC6oOmNZro99hCwAAAAA&rwp_campaignid=53491&rwp_clk=AJh58Br40ggADToA5xZgJOWK-omOT4JTC6oOmNZro99hCwAAAAA&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?ACw91sMR0wgADToAxFx6pVXT9b21Q4jWGsRGfJeMqANNBgAAAAAEAAE&rwp_campaignid=100912&rwp_clk=ACw91sMR0wgADToAxFx6pVXT9b21Q4jWGsRGfJeMqANNBgAAAAAEAAE&rwp_al=g0gle&rwp_lpid=2

http://windows.clean-my-pc.org/tcp-lp-t1?AE7adJv60ggADToAY0cO-MyV0f8LSKbL7eN6-sselroWAAAAAAAIAAE&rwp_campaignid=80259&rwp_clk=AE7adJv60ggADToAY0cO-MyV0f8LSKbL7eN6-sselroWAAAAAAAIAAE&rwp_al=g0gle&rwp_lpid=2

http://clean-my-pc.org/tcp-t1?AGZzRCDX0ggADToAE5ZY5eawDQiaTqdYdgJ0mEE4YTFCAAAAAAA&rwp_campaignid=54201&rwp_clk=AGZzRCDX0ggADToAE5ZY5eawDQiaTqdYdgJ0mEE4YTFCAAAAAAA

http://my-pc-cleaner.org/tcp-t1?AN77EJIf0wgAA_-LE3I2U9qb4GrNT6gHqsneW3s6jeSUAQAAAAADAAE&rwp_campaignid=83342&rwp_clk=AN77EJIf0wgAA_-LE3I2U9qb4GrNT6gHqsneW3s6jeSUAQAAAAADAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?AKBUUxz80ggADToAY0dZCyBs8PGnT6HKNGvtyDS3sdbjAAAAAAADAAE&rwp_campaignid=86717&rwp_clk=AKBUUxz80ggADToAY0dZCyBs8PGnT6HKNGvtyDS3sdbjAAAAAAADAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?ADBLT8wj0wgAA_-LB8cxINBfFwcwR4y-tPCEiRykZqgsBAAAAAAIAAE&rwp_campaignid=95741&rwp_clk=ADBLT8wj0wgAA_-LB8cxINBfFwcwR4y-tPCEiRykZqgsBAAAAAAIAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?AOQMLZsu0wgAA_-LF1nuluTpiPPwQKSrXs-Jk-UaPa4AAQAAAAABAAE&rwp_campaignid=97863&rwp_clk=AOQMLZsu0wgAA_-LF1nuluTpiPPwQKSrXs-Jk-UaPa4AAQAAAAABAAE&rwp_al=g0gle&rwp_lpid=2

http://clean-my-pc.org/tcp-t1?AJRxo67q0ggADToAwCWqmK6jxysIQ6Al6QDj3pq9Mj4SCAAAAAA&rwp_campaignid=54201&rwp_clk=AJRxo67q0ggADToAwCWqmK6jxysIQ6Al6QDj3pq9Mj4SCAAAAAA&rwp_al=g0gle

http://my-pc-cleaner.org/tcp-t1?AEzo6W0u0wgAA_-LF1nuluTpiPPwQKSrXs-Jk-UaW8fnAAAAAAABAAE&rwp_campaignid=97863&rwp_clk=AEzo6W0u0wgAA_-LF1nuluTpiPPwQKSrXs-Jk-UaW8fnAAAAAAABAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?AGixMzkl0wgAA_-LE3JZ5J2HDQtLQo6-D6ph0pMm3sT2AgAAAAAGAAE&rwp_campaignid=100912&rwp_clk=AGixMzkl0wgAA_-LE3JZ5J2HDQtLQo6-D6ph0pMm3sT2AgAAAAAGAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?ALT_dbUm0wgAA_-LMpLSgOaxYElwQrQqlGtFD2EpCLE4AAAAAAAGAAE&rwp_campaignid=100912&rwp_clk=ALT_dbUm0wgAA_-LMpLSgOaxYElwQrQqlGtFD2EpCLE4AAAAAAAGAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?ABTukXU40wgAA_9yWHiIsHbjc6NqSo6t0Wj78u5UKnDBBgAAAAAIAAE&rwp_campaignid=76787&rwp_clk=ABTukXU40wgAA_9yWHiIsHbjc6NqSo6t0Wj78u5UKnDBBgAAAAAIAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?ADoYg74X0wgADToAx1C6wJxl3eOzSIPXNfsBys6vbR82AQAAAAAFAAE&rwp_campaignid=97863&rwp_clk=ADoYg74X0wgADToAx1C6wJxl3eOzSIPXNfsBys6vbR82AQAAAAAFAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?AGLcQ8P80ggADToBfEYLZetUspubSKWgO5ZlTaBYow4lAAAAAAAJAAE&rwp_campaignid=80259&rwp_clk=AGLcQ8P80ggADToBfEYLZetUspubSKWgO5ZlTaBYow4lAAAAAAAJAAE&rwp_al=g0gle&rwp_lpid=2

http://clean-my-pc.org/tcp-t1?AFz3ecXr0ggADToA7X0HDJniiB3CRoPUbfW6vTjUD2AcCQAAAAA&rwp_campaignid=53491&rwp_clk=AFz3ecXr0ggADToA7X0HDJniiB3CRoPUbfW6vTjUD2AcCQAAAAA&rwp_al=g0gle

http://my-pc-cleaner.org/tcp-t1?ALB3V1gQ0wgADToAygyPvldihtNxSK3U6EifjtbhaPlqBQAAAAAEAAE&rwp_campaignid=100914&rwp_clk=ALB3V1gQ0wgADToAygyPvldihtNxSK3U6EifjtbhaPlqBQAAAAAEAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?AIy8lYQ50wgAA_-LDaEQY1SQBrZtT5-zgL7VSgS4tTthAAAAAAAHAAE&rwp_campaignid=92426&rwp_clk=AIy8lYQ50wgAA_-LDaEQY1SQBrZtT5-zgL7VSgS4tTthAAAAAAAHAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?ACKQhUlI0wgAA_-G-8jFKl9sYJlkR4AH7vX18-dhgvntAgAAAAAIAAE&rwp_campaignid=139250&rwp_clk=ACKQhUlI0wgAA_-G-8jFKl9sYJlkR4AH7vX18-dhgvntAgAAAAAIAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?ACixkjUK0wgADToAwaQ4Z0FxM9PBSY9KVwYcojyv60jlAQAAAAAHAAE&rwp_campaignid=80259&rwp_clk=ACixkjUK0wgADToAwaQ4Z0FxM9PBSY9KVwYcojyv60jlAQAAAAAHAAE&rwp_al=g0gle&rwp_lpid=2

http://my-pc-cleaner.org/tcp-t1?AFp8xGFF0wgAA_-LFZ_TRNgo1O36SKbhJNbB1UATrccSAQAAAAABAAE&rwp_campaignid=97865&rwp_clk=AFp8xGFF0wgAA_-LFZ_TRNgo1O36SKbhJNbB1UATrccSAQAAAAABAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?AOjhYPYC0wgADToAx3WBrw1ciM1XRI5DKRF5N2VgwMqPAAAAAAACAAE&rwp_campaignid=53491&rwp_clk=AOjhYPYC0wgADToAx3WBrw1ciM1XRI5DKRF5N2VgwMqPAAAAAAACAAE&rwp_al=g0gle&rwp_lpid=1

http://my-pc-cleaner.org/tcp-t1?AFTZ9XQx0wgAA_-LE29ZPyNKErGwRqLnTj92UXPlURFxAgAAAAADAAE&rwp_campaignid=95741&rwp_clk=AFTZ9XQx0wgAA_-LE29ZPyNKErGwRqLnTj92UXPlURFxAgAAAAADAAE&rwp_al=g0gle&rwp_lpid=1

Latest 30 of 277 download URLs

Remove turbocleanpc@clk=acbt61ls0ggadtoaduff2oqurb9osjtoujeohl__f5foagaaaaa.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.