Clean My Browser

By GoldSparrow in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 5,940
Threat Level: 80 % (High)
Infected Computers: 760
First Seen: July 6, 2017
Last Seen: April 11, 2026
OS(es) Affected: Windows

The Clean My Browser program is presented to Web surfers as a browser extension that can be added to Google Chrome via its official page on Cleanmybrowser.com and Chrome.google.com/webstore/detail/clean-my-browser/jmpkkhdlmmnjldpkdhdgheghddpdciem. The Clean My Browser program is promoted as both a security and an optimization solution for a Web browser. The following marketing pitch is placed on the Chrome Web Store page for the extension:

'CleanMyBrowser identifies extensions that require higher permissions when installed and could potentially violate or exploit your privacy. With CleanMyBrowser you can identify such extensions and remove and clean them from your Chrome browser in a simple way.

-Improves your Chrome browser performance
-Cleans your browser of unnecessary and harmful extensions
-Protects your privacy of your data
-Improves speed of browser'

You should note that the comments section of Chrome.google.com/webstore/detail/clean-my-browser/jmpkkhdlmmnjldpkdhdgheghddpdciem is empty even though 9004 people (at the time of research) use the app on a daily basis. You might think that the Clean My Browser app offers some interface that lets you remove potentially dangerous extensions, but it doesn't. The developers of Clean My Browser have not provided information on the methods and guidelines used to distinguish resource-hungry, unsafe and intrusive third-party extensions. Moreover, the only feature of Clean My Browser that seems clear enough is that it changes your new tab and primary search aggregator to search.cleanmybrowser.com. The privileges requested by Clean My Browser during installation are as follows:

  • Read and change all your data on the websites you visit.
  • Read and change your browsing history.
  • Manage your apps, extensions and themes.
  • Communicate with cooperating sites.
  • Change your search settings to search.cleanmybrowser.com.
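An added example (not from the original article and not the extension's own code): a small auditor that maps a Chrome extension's manifest.json to the install-time warnings listed above. The sample manifest and the example.test hosts are constructed, and the key-to-warning mapping is this example's assumption based on Chrome's documented manifest keys.

```python
import json

# Host patterns that grant access to every site (assumed equivalent for this audit).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions mapped to the warnings quoted in the article.
API_WARNINGS = {
    "history": "Read and change your browsing history",
    "management": "Manage your apps, extensions and themes",
}

def audit_manifest(manifest: dict) -> list[str]:
    findings = []
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    # Content scripts that match every site give the same page access.
    for script in manifest.get("content_scripts", []):
        perms += script.get("matches", [])
    if any(p in BROAD_HOSTS for p in perms):
        findings.append("Read and change all your data on the websites you visit")
    for name, warning in API_WARNINGS.items():
        if name in perms:
            findings.append(warning)
    ext = manifest.get("externally_connectable", {})
    if ext.get("matches"):
        findings.append("Communicate with cooperating sites: " + ", ".join(ext["matches"]))
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    if provider.get("is_default"):
        findings.append("Change your search settings to " + provider.get("search_url", "?"))
    newtab = manifest.get("chrome_url_overrides", {}).get("newtab")
    if newtab:
        findings.append("Replaces the new tab page with " + newtab)
    return findings

# Constructed sample manifest, not the real extension's file.
SAMPLE = json.loads("""
{
  "name": "Example Cleaner",
  "manifest_version": 2,
  "permissions": ["history", "management", "<all_urls>"],
  "externally_connectable": {"matches": ["*://*.example.test/*"]},
  "chrome_settings_overrides": {"search_provider": {
      "name": "Example", "is_default": true,
      "search_url": "https://search.example.test/?q={searchTerms}"}},
  "chrome_url_overrides": {"newtab": "newtab.html"}
}
""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print("-", finding)
```

Run against the manifest.json of each unpacked extension in a browser profile, an empty result means none of the five warnings above would apply to that extension.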

You can install and benefit from Clean My Browser for free for as long as you like. However, you would be unable to change your default search to anything other than search.cleanmybrowser.com as long as you keep Clean My Browser attached to your Internet client. The portal search.cleanmybrowser.com acts as a redirect gateway to search.yahoo.com. The Clean My Browser software is an ad-supported product that may collect data like your input on search.cleanmybrowser.com, your Internet history, and software configuration to help advertisers at Search.yahoo.com deliver targeted commercial materials. If you need to clean the browser's cache and cookies, there is a built-in tool for that in almost every browser nowadays. The most common path to the browser cleanup tool is Settings > Advanced > Clean browsing data in Chrome; in Firefox, go to Options > Privacy > Clear your recent history; and in IE, click Internet Options > General > Delete Browsing History. PC users who want to remove the persistent tracking cookies and Web beacons downloaded by Clean My Browser may need help from a credible anti-spyware tool.

Analysis Report

General information

Family Name: Trojan.Stealer.EA
Signature status: Hash Mismatch

Known Samples

MD5: c0c4aec849f4532c59bb24cca30aa30b
SHA1: 36ab677eb04aa8bf9af9b52b00d3276c0ce51b6d
SHA256: 0BDDDEA308B4F936F087FFBA391A65812B8D4BD029F7A663C4B8D155B556C887
File Size: 243.71 KB, 243712 bytes
MD5: adbc54636fec41d505b12a5954d3da9e
SHA1: 7b997567f0142bf6af42a166eaac0baf56bdb172
SHA256: 5159EF2F65CA930743314761B82F1E6B5732502E85CD06DC9543B85A1F85DE3A
File Size: 249.23 KB, 249232 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Description: sqlite Dynamic Link Library
File Version: 1, 0, 0, 1
Internal Name: sqlite
Legal Copyright: Copyright (C) 2008
Original Filename: sqlite.dll
Product Name: sqlite Dynamic Link Library
Product Version: 9, 0, 0, 1

Digital Signatures

Signer: Adobe Systems, Incorporated
Root: VeriSign Class 3 Code Signing 2009-2 CA
Status: Hash Mismatch

File Traits

  • dll
  • HighEntropy
  • x86

Block Information

Total Blocks: 821
Potentially Malicious Blocks: 278
Whitelisted Blocks: 543
Unknown Blocks: 0

Similar Families

  • Stealer.EA

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\36ab677eb04aa8bf9af9b52b00d3276c0ce51b6d_0000243712.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7b997567f0142bf6af42a166eaac0baf56bdb172_0000249232.,LiQMAxHB
