RegistrationPopup.exe

RegistrationPopup

MY SECURITY CENTER LTD

The application RegistrationPopup.exe by MY SECURITY CENTER has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘regist’. While running, it connects to the Internet address radon.mysecuritycenter.com on port 80 using the HTTP protocol.
Publisher:
MySecurityCenter (signed by MY SECURITY CENTER LTD)

Product:
RegistrationPopup

Version:
1.0.0.0

MD5:
3086c1dc2f9ab20c14600a6af4f7291d

SHA-1:
3474265b3911dcf8e913154cd29229c529de46ae

SHA-256:
5f64596efd57d3fa1b7019b26a56f8e917cd6813149022265bf000fc01b9b784

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:18:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.MYSECURITYCENTER.Meta

Engine version:
15.5.31.10

File size:
376.4 KB (385,392 bytes)

Product version:
1.0.0.0

Copyright:
(c) MySecurityCenter. All rights reserved.

Original file name:
RegistrationPopup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mysecuritycenter\programs\registrationpopup.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/27/2010 2:00:00 AM

Valid to:
5/27/2012 1:59:59 AM

Subject:
CN=MY SECURITY CENTER LTD, O=MY SECURITY CENTER LTD, L=WEST DRAYTON, S=MIDDLESEX, C=GB

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1F8B282A7A992535C9223295A40E2799

File PE Metadata
Compilation timestamp:
3/13/2007 1:04:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:495SfzCSK9OhkqCH/iJVEw2hJLbF7bTfHUKuiy67KpSwVy95:sX9OyqgqJVEw4JLx7HfHou

Entry address:
0x2B448

Entry point:
E8, FE, 3F, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, D0, 57, 45, 00, 75, 02, F3, C3, E9, 7E, 40, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 5C, 18, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 64, 0D, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 37, 18, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 3D, 41, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00...

Code size:
260 KB (266,240 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
regist

Command:
C:\Program Files\mysecuritycenter\programs\registrationpopup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to radon.mysecuritycenter.com (5.9.49.73:80)

Remove RegistrationPopup.exe - Powered by Reason Core Security