instantpcspeedup.exe

Registry Mum

WeiSiTianYu Software Develop Service Center

The application instantpcspeedup.exe by WeiSiTianYu Software Develop Service Center has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Weskysoft Inc.  (signed by WeiSiTianYu Software Develop Service Center)

Product:
Registry Mum

Description:
RegistryMum

Version:
1.0.0.100

MD5:
6ea95ad173e438ff456e4b9c5b9a1b31

SHA-1:
68f148515cb6cfa42ba2373564df9c99fea053fe

SHA-256:
e26a32d0d706780541a001abcc2d9773b807d55e860c08bd30a9e620a80ceb84

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 4:54:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PCOptimizer.Optional.Meta (L)

Engine version:
16.2.27.18

File size:
7.7 MB (8,043,192 bytes)

Product version:
1.0

Original file name:
RegistryMum.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\instant pc speedup\instantpcspeedup.exe

Digital Signature
Authority:
WoSign, Inc.

Valid from:
7/27/2010 6:00:00 PM

Valid to:
7/28/2011 5:59:59 PM

Subject:
CN=WeiSiTianYu Software Develop Service Center, OU=WoSign Class 3 Code Signing, O=WeiSiTianYu Software Develop Service Center, L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
00AE328C1100741D85A6AF7D045D09EDB0

File PE Metadata
Compilation timestamp:
10/8/2010 11:26:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:FiqjSSbrR9N3cSvz9RqGLoqzfA0TK/MK7n84LpzGxTIO/izza9trHS7YynsONXwX:Fiqz9NsSL9I+2/MKlzZzzjUynsO

Entry address:
0x295A24

Entry point:
55, 8B, EC, B9, 04, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, B8, 6C, B7, 68, 00, E8, AA, 5E, D7, FF, 33, C0, 55, 68, 5C, 5C, 69, 00, 64, FF, 30, 64, 89, 20, B8, 10, 6B, 6A, 00, 33, D2, E8, D4, 21, D7, FF, E8, FF, EC, D6, FF, 85, C0, 7E, 0F, BA, 10, 6B, 6A, 00, B8, 01, 00, 00, 00, E8, 4C, ED, D6, FF, 8B, 15, 10, 6B, 6A, 00, B0, 01, E8, 13, 54, FF, FF, 84, C0, 0F, 85, BC, 01, 00, 00, 8B, 0D, B8, 02, 6A, 00, 8B, 09, B2, 01, A1, 50, B2, 68, 00, E8, C3, CA, E3, FF, 8B, 15, 04, 02, 6A, 00, 89, 02, 33, D2, 55...
 

Entropy:
4.6860

Developed / compiled with:
Microsoft Visual C++

Code size:
2.6 MB (2,706,944 bytes)
