Property | Value |
---|---|
File Name: | AdwCleaner.exe |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
SHA1: | e6095f5a6ba701c583b2d8605c269bc68d16840d |
MD5: | 9c0c6bca7e23ee799e3481c9280f11f1 |
First Seen Date: | 2015-09-29 09:36:24.636000 |
Number of Clients Seen: | 8 |
Last Analysis Date: | 2016-04-09 01:54:06.701211 |
Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |

Property | Value |
---|---|
number of sections | 3 |
compilation time stamp | 0x560814DB [Sun Sep 27 16:10:03 2015 UTC] |
LegalCopyright | Xplode |
ProductVersion | 3.3.12.0 |
FileVersion | 5.0.0.9 |
Comments | http://www.autoitscript.com/autoit3/ |
FileDescription | AdwCleaner |
Translation | 0x040c 0x04b0 |
entry point | 0x61b110 (UPX1) |
machine type | Intel 386 or later - 32Bit |
file size | 1670656 |
sha256 | 84c889b058dbc394695d37b98ec3174c676bf76140430bb603df12e3811dd365 |
mime type | application/x-dosexec |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0x1c6000 | 0x0 | 0.000000 [SUSPICIOUS] | - |
UPX1 | 0x1c7000 | 0x55000 | 0x54400 | 7.936384 [SUSPICIOUS] | - |
.rsrc | 0x21c000 | 0x144000 | 0x143600 | 7.993021 [SUSPICIOUS] | - |

- KERNEL32.DLL
  - LoadLibraryA
  - GetProcAddress
  - VirtualProtect
  - VirtualAlloc
  - VirtualFree
  - ExitProcess
- ADVAPI32.dll
  - AddAce
- COMCTL32.dll
  - ImageList_Remove
- COMDLG32.dll
  - GetSaveFileNameW
- GDI32.dll
  - LineTo
- IPHLPAPI.DLL
  - IcmpSendEcho
- MPR.dll
  - WNetUseConnectionW
- ole32.dll
  - CoGetObject
- OLEAUT32.dll
  - VariantInit
- PSAPI.DLL
  - GetProcessMemoryInfo
- SHELL32.dll
  - DragFinish
- USER32.dll
  - GetDC
- USERENV.dll
  - LoadUserProfileW
- UxTheme.dll
  - IsThemeActive
- VERSION.dll
  - VerQueryValueW
- WININET.dll
  - FtpOpenFileW
- WINMM.dll
  - timeGetTime
- WSOCK32.dll
  - socket

RT_ICON
RT_STRING
RT_RCDATA
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST