Gridinsoft Logo
File Icon

The ZHPCleaner.exe (ZHPCleaner) File Analysis

Updated 6 days ago
Checked by Malaware Check
ZHPCleaner.exe

Technical Analysis

File Name ZHPCleaner.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.217.174
Database Version 2025-05-25 15:00:14 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
3,364,552
File Size (bytes)
2025-05-25
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
84bdb7a9260f23f627920b7166b2bd8e
SHA1
4dabb85e70d97b2e3944da77e5a7308403f9c073
SHA256
733aa54abd8261118b59f4cdaadd7cebbfaf2d023ccbf31944a5173bd74bb971
SHA512
844896c3bbfe6c4073b0fba38e1dc72088ccbd19769fae8e1b5606965ddc2ef3194392b4fdb3e25b84f69f1ba95fa8a01231473dc96cdd370556a26c5ed3cebf
ImpHash
279daa640d9140f9842860a738abd363

PE Analysis

Basic Information

Icon
Hash: 18acee1d487f7d574af9f98366b6ba49
Fuzzy: e98fef2790f7fa29635e68b668920b83
dHash: 1361d48a8cce4b0f
Image Base 0x00400000
Entry Point 0x00420577
Compilation Time 2025-05-16 14:25:52
Checksum 0x0033fa52 (Actual: 0x0033a8e2)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature Chain verification from [email protected], CN=NC_NICOLAS_COOLMAN (serial:1, sha1:0c120bed9de1e07698d58da8bd73bd73746bb7cb) failed: The X.509 certificate provided is self-signed - "Email Address: [email protected], Common Name: NC_NICOLAS_COOLMAN"
Imports 18 libraries
Exports 0 functions
Resources 30 Resources
Sections 5 Sections

Version Information

FileVersion 2025.5.16.7
Comments Logiciel antimalware
FileDescription ZHPCleaner
ProductName ZHPcleaner
ProductVersion 2025
CompanyName Nicolas Coolman
LegalCopyright Nicolas Coolman
LegalTradeMarks Nicolas Coolman
Translation 0x040c 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 633,629 bytes 633,856 bytes 6.67 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0A1473F3064DCBC32EF93C5C8A90F3A6
.rdata 0x0009c000 195,458 bytes 195,584 bytes 5.69 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C9CF2468B60BF4F80F136ED54B3989FB
.data 0x000cc000 28,780 bytes 18,432 bytes 0.58 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 53B9025D545D65E23295E30AFDBD16D9
.rsrc 0x000d4000 2,483,044 bytes 2,483,200 bytes 7.99 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4A1BC2ADADD7852C638C1C6A327A2134
.reloc 0x00333000 30,100 bytes 30,208 bytes 6.80 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ C68EE8931A32D45EB82DC450EE40EFC3
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 30 (2,481,390 bytes)
Resource Type Count Total Size Percentage
RT_ICON 15 77,666 bytes
3.1%
RT_MENU 1 80 bytes
0%
RT_STRING 7 8,900 bytes
0.4%
RT_RCDATA 1 2,392,165 bytes
96.4%
RT_GROUP_ICON 4 234 bytes
0%
RT_VERSION 1 716 bytes
0%
RT_MANIFEST 1 1,629 bytes
0.1%

Certificate Chain Analysis

Certificate Information
Product ZHPcleaner
Description ZHPCleaner
File Version 2025.5.16.7
Verification Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers NC_NICOLAS_COOLMAN
Copyright Nicolas Coolman
Certificate Chain Summary
NC_NICOLAS_COOLMAN #1 Primary
Validity Period: 2023-06-19 07:51:00 → 2033-06-19 07:51:00
Signature Algorithm: sha1RSA
Serial Number: 01

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from [email protected], CN=NC_NICOLAS_COOLMAN (serial:1, sha1:0c120bed9de1e07698d58da8bd73bd73746bb7cb) failed: The X.509 certificate provided is self-signed - "Email Address: [email protected], Common Name: NC_NICOLAS_COOLMAN"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware