Advanced File Analysis System

CREATED / DROPPED FILES

File Path	Type and Hashes

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	ccsetup509.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	6f77f2137756740f4e632bdd7fdae582929cb411
MD5:	f119524883af4bac56581ed77ceef828
First Seen Date:	2015-09-02 19:32:39.615000 ( 2015-09-02 19:32:39.615000 )
Number of Clients Seen:	18
Last Analysis Date:	2016-04-08 18:05:46.243923 ( 2016-04-08 18:05:46.243923 )
Human Expert Analysis Date:	2015-10-30 12:35:32.598000 ( 2015-10-30 12:35:32.598000 )
Human Expert Analysis Result:	Clean

ADDITIONAL FILE INFORMATION

PE Headers

Property	Value
number of sections	6
compilation time stamp	0x4F47E2DF [Fri Feb 24 19:19:59 2012 UTC]
LegalCopyright	Copyright \xa9 2005-2015 Piriform Ltd
ProductName	CCleaner
FileDescription	CCleaner Installer
FileVersion	2.0.0.0
CompanyName	Piriform Ltd
Translation	0x0000 0x04b0
entry point	0x4039e3 (.text)
machine type	Intel 386 or later - 32Bit
file size	6667640
sha256	e1a8d34321a74120aeafdb01497abd082f88b9c8eda725dee863932ceb5e86f7
mime type	application/x-dosexec

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x6f10	0x7000	6.497885	-
.rdata	0x8000	0x2a92	0x2c00	4.393894	-
.data	0xb000	0x67ebc	0x200	1.472782	-
.ndata	0x73000	0x34d000	0x0	0.000000[SUSPICIOUS]	-
.rsrc	0x3c0000	0x7a68	0x7c00	5.016478	-
.reloc	0x3c8000	0xf8a	0x1000	5.265575	-

PE Imports

KERNEL32.dll
- SetFileTime
- CompareFileTime
- SearchPathW
- GetShortPathNameW
- GetFullPathNameW
- MoveFileW
- SetCurrentDirectoryW
- GetFileAttributesW
- GetLastError
- CreateDirectoryW
- SetFileAttributesW
- Sleep
- GetTickCount
- CreateFileW
- GetFileSize
- GetModuleFileNameW
- GetCurrentProcess
- CopyFileW
- ExitProcess
- GetWindowsDirectoryW
- GetTempPathW
- GetCommandLineW
- SetErrorMode
- CloseHandle
- lstrlenW
- lstrcpynW
- GetDiskFreeSpaceW
- GlobalUnlock
- GlobalLock
- CreateThread
- LoadLibraryW
- CreateProcessW
- lstrcmpiA
- GetTempFileNameW
- lstrcatW
- GetProcAddress
- LoadLibraryA
- GetModuleHandleA
- OpenProcess
- lstrcpyW
- GetVersionExW
- GetSystemDirectoryW
- GetVersion
- lstrcpyA
- RemoveDirectoryW
- lstrcmpA
- lstrcmpiW
- lstrcmpW
- ExpandEnvironmentStringsW
- GlobalAlloc
- WaitForSingleObject
- GetExitCodeProcess
- GlobalFree
- GetModuleHandleW
- LoadLibraryExW
- FreeLibrary
- WritePrivateProfileStringW
- GetPrivateProfileStringW
- WideCharToMultiByte
- lstrlenA
- MulDiv
- WriteFile
- ReadFile
- MultiByteToWideChar
- SetFilePointer
- FindClose
- FindNextFileW
- FindFirstFileW
- DeleteFileW
- lstrcpynA
USER32.dll
- GetAsyncKeyState
- IsDlgButtonChecked
- ScreenToClient
- GetMessagePos
- CallWindowProcW
- IsWindowVisible
- LoadBitmapW
- CloseClipboard
- SetClipboardData
- EmptyClipboard
- OpenClipboard
- TrackPopupMenu
- GetWindowRect
- AppendMenuW
- CreatePopupMenu
- GetSystemMetrics
- EndDialog
- EnableMenuItem
- GetSystemMenu
- SetClassLongW
- IsWindowEnabled
- SetWindowPos
- DialogBoxParamW
- CheckDlgButton
- CreateWindowExW
- SystemParametersInfoW
- RegisterClassW
- SetDlgItemTextW
- GetDlgItemTextW
- MessageBoxIndirectW
- CharNextA
- CharUpperW
- CharPrevW
- wvsprintfW
- DispatchMessageW
- PeekMessageW
- wsprintfA
- DestroyWindow
- CreateDialogParamW
- SetTimer
- SetWindowTextW
- PostQuitMessage
- SetForegroundWindow
- ShowWindow
- wsprintfW
- SendMessageTimeoutW
- LoadCursorW
- SetCursor
- GetWindowLongW
- GetSysColor
- CharNextW
- GetClassInfoW
- ExitWindowsEx
- IsWindow
- GetDlgItem
- SetWindowLongW
- LoadImageW
- GetDC
- EnableWindow
- InvalidateRect
- SendMessageW
- DefWindowProcW
- BeginPaint
- GetClientRect
- FillRect
- DrawTextW
- EndPaint
- FindWindowExW
GDI32.dll
- SetBkColor
- GetDeviceCaps
- DeleteObject
- CreateBrushIndirect
- CreateFontIndirectW
- SetBkMode
- SetTextColor
- SelectObject
SHELL32.dll
- SHBrowseForFolderW
- SHGetPathFromIDListW
- SHGetFileInfoW
- ShellExecuteW
- SHFileOperationW
- SHGetSpecialFolderLocation
ADVAPI32.dll
- RegEnumKeyW
- RegOpenKeyExW
- RegCloseKey
- RegDeleteKeyW
- RegDeleteValueW
- RegCreateKeyExW
- RegSetValueExW
- RegQueryValueExW
- RegEnumValueW
COMCTL32.dll
- ImageList_AddMasked
- ImageList_Destroy
- None
- ImageList_Create
ole32.dll
- CoTaskMemFree
- OleInitialize
- OleUninitialize
- CoCreateInstance
VERSION.dll
- GetFileVersionInfoSizeW
- GetFileVersionInfoW
- VerQueryValueW

PE Resources

RT_ICON

RT_DIALOG

RT_GROUP_ICON

RT_VERSION

RT_MANIFEST

File Name: ccsetup509.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 6f77f2137756740f4e632bdd7fdae582929cb411

MD5: f119524883af4bac56581ed77ceef828

CREATED / DROPPED FILES

MATCH YARA RULES

STATIC FILE INFO

ADDITIONAL FILE INFORMATION

PE Headers

PE Sections

PE Imports

PE Resources

CERTIFICATE VALIDATION