frtunerregistrycleaner.exe

Free Registry Tuner

FreeRegistryTuner.com

The application frtunerregistrycleaner.exe, “Free Registry Tuner Setup”, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.tucows.com.
Publisher:
FreeRegistryTuner.com

Product:
Free Registry Tuner

Description:
Free Registry Tuner Setup

MD5:
7e1794f64873c17f84580d3c87dbf8bb

SHA-1:
498a45a0b0d99c83e535fccbb504a63497074c4b

SHA-256:
8874ec551fddc4172034809b7dd34fa9c79bcf880b9b24e52572085621511826

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/24/2024 12:51:54 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | ASD.Prevention | 2013.02.11
ESET NOD32 | Win32/InstallMonetizer.AF | 10.7990
Reason Heuristics | PUP.InstallMonetizer.ET (M) | 16.7.29.9

File size:
2.3 MB (2,390,790 bytes)

Copyright:
© 2012 FreeRegistryTuner.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\frtunerregistrycleaner.exe

File PE Metadata
Compilation timestamp:
12/20/2011 6:16:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:YmwSNDshBykOeuQnRsEOch11zQBHsXSGAHnxumAQRJgj:v+hByDzQRsDDHsgRuLQRqj

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.9733

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file frtunerregistrycleaner.exe has been seen being distributed by the following URL.
