Submission Summary:

• Submission details:
• Submission received: 8 March 2012, 18:34:51
• Processing time: 13 min 58 sec
• Submitted sample:
• File MD5: 0xDB9EE13DEED1DCEB8AC2A65B464241BD
• File SHA-1: 0x9663CAB5F4802FDAD8C719864F2E390BB99F195C
• Filesize: 3,628,016 bytes

• Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

• The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonDesktopDir%\CCleaner.lnk	682 bytes	MD5: 0x3012FFBA1BB381B00C54994530BF7F46 SHA-1: 0x006ACC720564937C90058E7708C5A9557BDBE9ED
2	%CommonPrograms%\CCleaner\CCleaner Homepage.url	82 bytes	MD5: 0x20AAC90EEFD7FCF37027FDE1FCF35214 SHA-1: 0x5161CC36B8E0FBE826EF12F536308CC26E5727B6
3	%CommonPrograms%\CCleaner\CCleaner.lnk	694 bytes	MD5: 0xE56794A18B18EA90582885D1CB04D4CE SHA-1: 0x3A4C22702879CA694A99CA0A2C91437F3501A968
4	%CommonPrograms%\CCleaner\Uninstall CCleaner.lnk	507 bytes	MD5: 0x7C8C5285422B865A5C90FB9BD08D6279 SHA-1: 0xC5421D91958DE7760A75CF8B58B64BE6B42F56D4
5	%ProgramFiles%\CCleaner\CCleaner.exe	2,761,024 bytes	MD5: 0x96C849ABC5AE2FB9CB06DFFE0A49E6FB SHA-1: 0x0E39336F54D3F86ECF5F8FA34D0718BCE0FD2A8D
6	%ProgramFiles%\CCleaner\Lang\lang-1025.dll	30,208 bytes	MD5: 0xC770E20E189921117C1F4ECACC9431C4 SHA-1: 0x4FB12AF78174C06183B04087A4EDAC9A2EE9A47E
7	%ProgramFiles%\CCleaner\Lang\lang-1026.dll	36,352 bytes	MD5: 0xF9C8C14BAC5AB30E22F2F1E9551EEFFB SHA-1: 0xD4D18F733746C9DCA7D83DB837AB41FF333C644E
8	%ProgramFiles%\CCleaner\Lang\lang-1027.dll	45,056 bytes	MD5: 0xB6EFA4A71E1C5F75DA3761999FE2C227 SHA-1: 0x0107F8AE7C2B5E25B05A9D0D1A75D51068AB5842
9	%ProgramFiles%\CCleaner\Lang\lang-1028.dll	19,456 bytes	MD5: 0xFB731D54738D5AAB1B01BC0BF36CD5B5 SHA-1: 0xE538477C24140823A50EC9E0D73DF8557593ED4C
10	%ProgramFiles%\CCleaner\Lang\lang-1029.dll	32,256 bytes	MD5: 0xDC98AA06C333E9A7D6FA9DC95E4F9B04 SHA-1: 0x5D04452C767F5591949A5C7021F1BFEBA8423B81
11	%ProgramFiles%\CCleaner\Lang\lang-1030.dll	34,304 bytes	MD5: 0x87FB6EF18A7D0CF7FDE8D4E81BC04912 SHA-1: 0xD92EC1FDD3D8F56FA04C14CDCB5204B4905A97D1
12	%ProgramFiles%\CCleaner\Lang\lang-1031.dll	34,304 bytes	MD5: 0x00C08CE543459E903C526EFD87E31531 SHA-1: 0x7F2AE5E956C944AEA513E9A7C36D7FFD5E88C693
13	%ProgramFiles%\CCleaner\Lang\lang-1032.dll	39,424 bytes	MD5: 0xD25A613A991E02CB29F5EEED2B10011A SHA-1: 0x7E5FD3B97185B71AA2EBFDD92AC6A58FBF6B897A
14	%ProgramFiles%\CCleaner\Lang\lang-1034.dll	45,056 bytes	MD5: 0x0E21E9FE1A9A895B4AFD04509CB309F8 SHA-1: 0xBE8608D41CCD8B584E6E5AE40597FF751683127D
15	%ProgramFiles%\CCleaner\Lang\lang-1035.dll	35,328 bytes	MD5: 0x7A1981D3280E36078582D506309B1896 SHA-1: 0xA658B6AC74C2FD2EA66D2C711279ACA14D170AD8
16	%ProgramFiles%\CCleaner\Lang\lang-1036.dll	39,424 bytes	MD5: 0xAC4B2DBAA3CFFF0635DD098E72B20DF5 SHA-1: 0x0B69CC4251542213BF04E4A97B915D5F801DFAB2
17	%ProgramFiles%\CCleaner\Lang\lang-1037.dll	29,184 bytes	MD5: 0xEEA25A85618A68010C4EC89EB4D95DA4 SHA-1: 0xF9621E378BD640CECB1530FAA46FCC1F981C6A81
18	%ProgramFiles%\CCleaner\Lang\lang-1038.dll	35,328 bytes	MD5: 0x6D792F63203110FDD1EC4C687FA60D59 SHA-1: 0x8854DE5CA583D37AED8B5C70CFE777E5CFFA59BC
19	%ProgramFiles%\CCleaner\Lang\lang-1040.dll	36,352 bytes	MD5: 0x2BE754CF15B7E82E83163829BE1190D0 SHA-1: 0x8DECA5B630B212C219A00898B12676B82EE4F0AA
20	%ProgramFiles%\CCleaner\Lang\lang-1041.dll	22,016 bytes	MD5: 0xFB105EF14CA2D277C24C06D5B023A6FA SHA-1: 0xAC577A4ADB8B114BA30C74182326A5F31FA9BC8C
21	%ProgramFiles%\CCleaner\Lang\lang-1042.dll	22,016 bytes	MD5: 0xE609192DEFAC410AFEAF9FE3064C6B56 SHA-1: 0xB9C51241A4266903813D6CFFE3C96D5199251BC1
22	%ProgramFiles%\CCleaner\Lang\lang-1043.dll	38,400 bytes	MD5: 0x338A1227A0C1A0A36626E7CCA4ADA97A SHA-1: 0x999751DB2B1AF03A4B3BBDA3F7E4C4F2BECF6610
23	%ProgramFiles%\CCleaner\Lang\lang-1044.dll	33,280 bytes	MD5: 0x35AAD7C47305773DE814BF432418046D SHA-1: 0x205004669D27D633273BCE1450F3CDE7B481E144
24	%ProgramFiles%\CCleaner\Lang\lang-1045.dll	35,840 bytes	MD5: 0x1E6120F569C87D243E8E0B594F84A7F2 SHA-1: 0x63A559C6589747856C7C12CDD494A512C7CDB7F4
25	%ProgramFiles%\CCleaner\Lang\lang-1046.dll	45,056 bytes	MD5: 0xC4F130838CC346B88D734EB47627947B SHA-1: 0x6FC8116F748DB7BF27299FDBA4BB1D4DAEA4BF18
26	%ProgramFiles%\CCleaner\Lang\lang-1048.dll	33,792 bytes	MD5: 0xEAAC7D477F3E8029EF2EF85D72016207 SHA-1: 0xEFA0886085DC33A07537C37094BAF32666BBC181
27	%ProgramFiles%\CCleaner\Lang\lang-1049.dll	32,768 bytes	MD5: 0xB54552CEB5B7C5F029D7A451E2B61986 SHA-1: 0x05D6E031F3382EA1F9A6DBB3940BA3239652129F
28	%ProgramFiles%\CCleaner\Lang\lang-1050.dll	33,280 bytes	MD5: 0x9383CCCB3A353ABCC3556FA9F232CAF1 SHA-1: 0xF0CEAE21AC562A21EC15ECEC42C43F6CCE893597
29	%ProgramFiles%\CCleaner\Lang\lang-1051.dll	32,768 bytes	MD5: 0xFE5B67764D30990B6575901E34F15AD7 SHA-1: 0x244D1FAFBC633795DAAF05C66ABEE1579E03A529
30	%ProgramFiles%\CCleaner\Lang\lang-1052.dll	33,792 bytes	MD5: 0xF30730917AF9CE3DBAF43CF60AE759F5 SHA-1: 0x2F9C9E2658663BB6DE5B6CAB00B94E7FE5FAF1CE
31	%ProgramFiles%\CCleaner\Lang\lang-1053.dll	34,816 bytes	MD5: 0x98A9524632CD11818E78AB257B4864E8 SHA-1: 0x909136E55CAE186CA8D73F87919A0F00F752D200
32	%ProgramFiles%\CCleaner\Lang\lang-1055.dll	32,768 bytes	MD5: 0xE5D66B50699BCC42F4729CFFFC52CB0E SHA-1: 0x9F80064738F0E9D5FF3A159BF1AD6324E17066AC
33	%ProgramFiles%\CCleaner\Lang\lang-1057.dll	35,840 bytes	MD5: 0x88446015F005242DBC8EE6589036750A SHA-1: 0x6B49600C69C83D1A79801EEE318D0FE819A23DE4
34	%ProgramFiles%\CCleaner\Lang\lang-1058.dll	33,792 bytes	MD5: 0x7A9C04B48645F619A0FD661F0BF20A38 SHA-1: 0x6F926C5A76A8A578375EDA08B3C40B661F5A3A03
35	%ProgramFiles%\CCleaner\Lang\lang-1059.dll	35,328 bytes	MD5: 0xE5D705CE1DBFBCC168D9A6F19E0E3BE0 SHA-1: 0xBFDE4298B2BD01DA72BD0A9182848C788F676BCA
36	%ProgramFiles%\CCleaner\Lang\lang-1060.dll	35,328 bytes	MD5: 0xB4A3228F6D17F089F2672759214A4C68 SHA-1: 0x29C1D0DFF02D0E9AE02299675AC8967C99ACED62
37	%ProgramFiles%\CCleaner\Lang\lang-1061.dll	33,280 bytes	MD5: 0xF8BFBF834553BB3CEE26C774AD7C5068 SHA-1: 0xC9665FC462EDC0824B939DA058D9C760D91D104E
38	%ProgramFiles%\CCleaner\Lang\lang-1062.dll	35,328 bytes	MD5: 0x0B28B4B0CAD9DAED0AE5C93F1CDFB144 SHA-1: 0x40D378746C9FFF200CC80B1555A67EA8373C8068
39	%ProgramFiles%\CCleaner\Lang\lang-1063.dll	33,792 bytes	MD5: 0x0B84D4CC5F80B5E9CB1E05A1B95A2DFC SHA-1: 0xF9BBEEC192BCA8DA3588DF98B32F3B4795C14FBF
40	%ProgramFiles%\CCleaner\Lang\lang-1065.dll	33,792 bytes	MD5: 0xCC53D1283A9A8F05699A5EEEF23DD636 SHA-1: 0xD9B6B4E9FC02AE8BC654AD5FC6127D53CD986E43
41	%ProgramFiles%\CCleaner\Lang\lang-1066.dll	32,256 bytes	MD5: 0x634CD6B90BACA60591D5CFCF38A7E8C7 SHA-1: 0x55FEA0A1ADB034C3D8C98805436B7CE778BAB958
42	%ProgramFiles%\CCleaner\Lang\lang-1067.dll	31,232 bytes	MD5: 0x5D9539B4D2E4718641C7D4D8E990B8BF SHA-1: 0x0FD378B0439CA8717CB84D1411FE8B7F1B16F92F
43	%ProgramFiles%\CCleaner\Lang\lang-1068.dll	32,768 bytes	MD5: 0x101A71A7BA97E3FA2C7E48E524462FA2 SHA-1: 0xE37DC9A01D875608E997F10357DDE1FCEE7795EE
44	%ProgramFiles%\CCleaner\Lang\lang-1071.dll	35,840 bytes	MD5: 0x746E4624B4EEABC06EC4DEA86146C1CC SHA-1: 0x75F19E9FE1BFEC56A841B2698D607F757065E9F3
45	%ProgramFiles%\CCleaner\Lang\lang-1079.dll	35,328 bytes	MD5: 0x8C3EEC3D9461667598EC5C8D87B9A057 SHA-1: 0x9C803C73FF5B9EC0039866D58D092DDDFECBB6A5
46	%ProgramFiles%\CCleaner\Lang\lang-1087.dll	31,232 bytes	MD5: 0xC3EE29AD54E968AAB5765DC3D3D35742 SHA-1: 0x05A8F6CDB92303B7399EB377B55080FE5BBEAEF6
47	%ProgramFiles%\CCleaner\Lang\lang-1102.dll	34,816 bytes	MD5: 0x8ABC72029E0D3C23584943B8C84D7906 SHA-1: 0xE1F29C15ED4CD9BD67B9EA4E9A643F3708F3B0A0
48	%ProgramFiles%\CCleaner\Lang\lang-1110.dll	33,280 bytes	MD5: 0x58AF2A7198A4FF556FF097A5C3CC3BF7 SHA-1: 0xA7331B6E2A7C8812B7F20EC57CC44D3B75BDCC4E
49	%ProgramFiles%\CCleaner\Lang\lang-2052.dll	17,408 bytes	MD5: 0x3A95290A24562F5E540367C1BFC569A0 SHA-1: 0x97A515DA43916DFEA20D3D1875605AFAD0C6519B
50	%ProgramFiles%\CCleaner\Lang\lang-2070.dll	45,056 bytes	MD5: 0xEA81E7047C8DD604A7B2A35DAE4B1662 SHA-1: 0x332A872D1F0F07BB0D1703B7BC9C0863B95415EE
51	%ProgramFiles%\CCleaner\Lang\lang-2074.dll	35,328 bytes	MD5: 0x8B20CD1703DEF46E4BD3D66220C139AD SHA-1: 0x9C236F8A3ECB9FE0A125517F39F91EEC0F6A5E1F
52	%ProgramFiles%\CCleaner\Lang\lang-3098.dll	34,816 bytes	MD5: 0x7ACE731ADFB82D5C6E01D9C0E4D2C55F SHA-1: 0x48BB9F9D13E6A062F52DD098E5F5BFDF31CAD252
53	%ProgramFiles%\CCleaner\Lang\lang-5146.dll	33,280 bytes	MD5: 0x308451C1C2EF99AC731567B4CF024653 SHA-1: 0xB645CCB63C6E0F65A64B4E6AE7B38493AC931F38
54	%ProgramFiles%\CCleaner\Lang\lang-9999.dll	45,056 bytes	MD5: 0xBB81F05798F334E0AAFD4865C6A64FF8 SHA-1: 0xBC1E3492551D6C21CB5D3779BBF11046DAA3BA81
55	%ProgramFiles%\CCleaner\uninst.exe	131,408 bytes	MD5: 0x3F4053DF8FC4D091DD517D5B8A6B5136 SHA-1: 0x2DE8B3EDA7420D70A8AEB8770D9925E153BB38BE
56	[file and pathname of the sample #1]	3,628,016 bytes	MD5: 0xDB9EE13DEED1DCEB8AC2A65B464241BD SHA-1: 0x9663CAB5F4802FDAD8C719864F2E390BB99F195C

• Notes:
• %CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
• %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
• %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

• The following directories were created:
• %CommonPrograms%\CCleaner
• %ProgramFiles%\CCleaner
• %ProgramFiles%\CCleaner\Lang

Memory Modifications

• There were new processes created in the system:

• Notes:
• %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Registry Modifications

• The following Registry Keys were created:
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
• HKEY_LOCAL_MACHINE\SOFTWARE\Google
• HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Toolbar Offer Until
• HKEY_LOCAL_MACHINE\SOFTWARE\Piriform
• HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
• HKEY_USERS\.DEFAULT\Software\Piriform
• HKEY_USERS\.DEFAULT\Software\Piriform\CCleaner
• HKEY_CURRENT_USER\Software\Classes\Software\Piriform
• HKEY_CURRENT_USER\Software\Classes\Software\Piriform\CCleaner
• HKEY_CURRENT_USER\Software\Piriform
• HKEY_CURRENT_USER\Software\Piriform\CCleaner

• The newly created Registry Values are:
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command]
• (Default) = "%ProgramFiles%\CCleaner\ccleaner.exe"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command]
• (Default) = "%ProgramFiles%\CCleaner\ccleaner.exe /AUTO"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command]
• (Default) = ""%ProgramFiles%\CCleaner\ccleaner.exe" /%1"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open]
• (Default) = ""
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell]
• (Default) = ""
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch]
• (Default) = "URL: CCleaner Protocol"
• URL Protocol = ""
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
• DisplayName = "CCleaner"
• UninstallString = ""%ProgramFiles%\CCleaner\uninst.exe""
• Publisher = "Piriform"
• InstallLocation = "%ProgramFiles%\CCleaner"
• VersionMajor = 0x00000003
• VersionMinor = 0x00000010
• DisplayVersion = "3.16"
• DisplayIcon = "%ProgramFiles%\CCleaner\CCleaner.exe"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner]
• UpdateCheck = "1"
• (Default) = "%ProgramFiles%\CCleaner"
• [HKEY_USERS\.DEFAULT\Software\Piriform\CCleaner]
• Language = "1033"
• [HKEY_CURRENT_USER\Software\Classes\Software\Piriform\CCleaner]
• Language = "1033"
• [HKEY_CURRENT_USER\Software\Piriform\CCleaner]
• Language = "1033"
• UpdateKey = "03/08/2012 06:35:32 PM"

Other details

• Analysis of the file resources indicate the following possible country of origin:

	United Kingdom

• To mark the presence in the system, the following Mutex object was created:
• Piriform_CCleaner_PreventSecondInstance

• The following Internet Connection was established:

• The following GET request was made:
• installcheck.aspx?p=1&v=3.16.1666&vx=&l=1033&b=1&o=5.1W3&g=1&a=0