Installer_Regwork.exe

Honlyn (Macao Commercial Offshore) Limited

The application Installer_Regwork.exe by Honlyn (Macao Commercial Offshore) Limited has been detected as a potentially unwanted program by 5 anti-malware scanners. This version of the file bundles the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been observed being downloaded from regwork.s3.amazonaws.com.
Publisher:

MD5:
c30ab7f0d279a1109f5a9164ebcff6e5

SHA-1:
98ad2e6eecce0cdd18696ad08765fd64149f057e

SHA-256:
ce764cf40f88f6892ceba2f16cad8426eb5e7acd2db5d93973195565f2192296

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 4:31:10 AM UTC

Scan engine | Detection | Engine version
Comodo Security | ApplicUnwnt | 17500
Dr.Web | Adware.Downware.1417 | 9.0.1.0329
ESET NOD32 | Win32/Bundled.Toolbar.Ask (variant) | 7.9190
Malwarebytes | PUP.Optional.Spigot.A | v2013.11.25.04
Reason Heuristics | PUP.Optional.HonlynMacaoCommercialOffshoreLimited.R | 14.6.12.9

File size:
2.4 MB (2,563,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer_regwork.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/21/2012 8:00:00 PM

Valid to:
8/21/2015 7:59:59 PM

Subject:
CN=Honlyn (Macao Commercial Offshore) Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Honlyn (Macao Commercial Offshore) Limited, L=Macau, S=Macau, C=MO

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A2B9E67ACE7E5B318FED4F1ACAE76BB

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30CB

Code size:
22.5 KB (23,040 bytes)

The file Installer_Regwork.exe has been seen being distributed by the following URL.
