turbocleanpc@clk=ai6q5cvk0wgaa_-ld5z1vwgjmfmyqkk5jflrh1vdiv4ybaaaaaabaae.exe

Turbo Clean PC

SAND DOLLAR MEDIA LLC

The application turbocleanpc@clk=ai6q5cvk0wgaa_-ld5z1vwgjmfmyqkk5jflrh1vdiv4ybaaaaaabaae.exe by SAND DOLLAR MEDIA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from my-pc-cleaner.org and multiple other hosts.
Publisher:
SAND DOLLAR MEDIA LLC  (signed and verified)

Product:
Turbo Clean PC

Version:
4.1

MD5:
fe49f44a41d3f66a015ec68430e49650

SHA-1:
e5ec7cfbababa6962d7b1dba5aed859f344f2b37

SHA-256:
111640df387b74e6333d454f3d5382090e4406c204bcfd682f3e687193ff1826

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:40:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Rainmaker.SANDDOLL.Installer.Meta (L)

Engine version:
16.6.13.20

File size:
1.8 MB (1,921,848 bytes)

Product version:
4.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\turbocleanpc@clk=ai6q5cvk0wgaa_-ld5z1vwgjmfmyqkk5jflrh1vdiv4ybaaaaaabaae.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/14/2016 4:00:00 PM

Valid to:
2/14/2017 3:59:59 PM

Subject:
CN=SAND DOLLAR MEDIA LLC, O=SAND DOLLAR MEDIA LLC, L=Deerfield Beach, S=Florida, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6DAADE0DD074BCD2D9E0E26D9D97CCBA

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:vavglavV2+QtZHgSlLVHKef86lJZh3i9VMNDOKF/1l9F3ghninXBgTz:So/7xRPkEN3i9GNDhTFWiRgTz

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
Entropy:
7.9936

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file turbocleanpc@clk=ai6q5cvk0wgaa_-ld5z1vwgjmfmyqkk5jflrh1vdiv4ybaaaaaabaae.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 248 download URLs