» quad_registry_cleaner_installer.exe
Overview
Analysis
File Details

quad_registry_cleaner_installer.exe

INTERNET INTERACTIVE BRANDS

The application quad_registry_cleaner_installer.exe, “Quad RegistryCleaner Installer” by INTERNET INTERACTIVE BRANDS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.

File name:

Publisher:

Interactive Brands (signed by INTERNET INTERACTIVE BRANDS)

Description:

Quad RegistryCleaner Installer

Version:

1.0.0.7

MD5:

584e4cd6666b98fe8876d587a6a5c147

SHA-1:

ede9c09fa4f15fa5797150b690d60f6d0afa5eb0

SHA-256:

b5766d345c4c61b93c246e16f2e5649bf260a2bde081cdb0d0cca8cc45ab7341

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 12:55:30 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.RegistryCleaner.Optional (M)

16.11.2.23

File size:

2.2 MB (2,271,288 bytes)

Product version:

1.0.0.7

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\quad_registry_cleaner_installer.exe

Digital Signature

Signed by:

INTERNET INTERACTIVE BRANDS

Authority:

VeriSign, Inc.

Valid from:

4/8/2011 2:00:00 AM

Valid to:

4/8/2013 1:59:59 AM

Subject:

CN=INTERNET INTERACTIVE BRANDS, OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INTERNET INTERACTIVE BRANDS, L=Saint Laurent, S=Quebec, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4B0E55D15046635038DCF9710C1633EA

File PE Metadata

Compilation timestamp:

10/20/2009 7:02:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

49152:t6G82y3k5s3DaXawhmbBGp4qP3LlkMcLFf6kyv:ti242s38vhmbB8p52ZPyv

Entry address:

0x37767

Entry point:

E8, 8F, 7C, 00, 00, E9, 17, FE, FF, FF, E8, 41, 6C, 00, 00, FF, 74, 24, 04, E8, 98, 6A, 00, 00, FF, 35, F4, 65, 47, 00, E8, 46, 76, 00, 00, 68, FF, 00, 00, 00, FF, D0, 83, C4, 0C, C3, 68, 58, A5, 45, 00, FF, 15, 50, 62, 45, 00, 85, C0, 74, 16, 68, 48, A5, 45, 00, 50, FF, 15, F0, 62, 45, 00, 85, C0, 74, 06, FF, 74, 24, 04, FF, D0, C3, FF, 74, 24, 04, E8, D1, FF, FF, FF, 59, FF, 74, 24, 04, FF, 15, EC, 61, 45, 00, CC, 6A, 08, E8, 2E, 7E, 00, 00, 59, C3, 6A, 08, E8, 4D, 7D, 00, 00, 59, C3, 56, 8B, F0, EB, 0B... 
[+]

Code size:

337 KB (345,088 bytes)

Remove quad_registry_cleaner_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.