RegistrationPopup.exe

RegistrationPopup

MY SECURITY CENTER LTD

The application RegistrationPopup.exe by MY SECURITY CENTER has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners, with strong indications that the file is a potential threat. It is set to execute automatically whenever any user logs into Windows (through the machine-wide Run registry key listed under Startup File below) under the entry name ‘regist’. While running, it connects to the Internet host radon.mysecuritycenter.com on port 80 using the HTTP protocol.
Publisher:
MySecurityCenter (signed by MY SECURITY CENTER LTD)

Product:
RegistrationPopup

Version:
1.0.0.0

MD5:
cb795cc9194107bc55a5469dd99d96e0

SHA-1:
aff871e0a271f2894edeb452ec6b1b8960a0fc62

SHA-256:
0048c1204510d49f749f88f51d169e8a0feb124e630d82bb88b63ef38218dfb2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:18:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Startup

Engine version:
15.1.12.12

File size:
379.8 KB (388,944 bytes)

Product version:
1.0.0.0

Copyright:
(c) MySecurityCenter. All rights reserved.

Original file name:
RegistrationPopup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mysecuritycenter\programs\registrationpopup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/17/2012 2:00:00 AM

Valid to:
7/21/2015 2:00:00 PM

Subject:
CN=MY SECURITY CENTER LTD, O=MY SECURITY CENTER LTD, L=West Drayton, C=GB

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02B405245A6E01DE7848F7C55FC3BCC7

File PE Metadata
Compilation timestamp:
3/13/2007 1:04:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:L95SfzCSK9OhkqCH/iJVEw2hJLbF7bTfHUKuiy67KpSwVy9f:PX9OyqgqJVEw4JLx7HfHo0

Entry address:
0x2B448

Entry point:
E8, FE, 3F, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, D0, 57, 45, 00, 75, 02, F3, C3, E9, 7E, 40, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 5C, 18, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 64, 0D, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 37, 18, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 3D, 41, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00...

Entropy:
6.2863

Code size:
260 KB (266,240 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
regist

Command:
C:\Program Files\mysecuritycenter\programs\registrationpopup.exe


The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to radon.mysecuritycenter.com (5.9.49.73:80)

Remove RegistrationPopup.exe - Powered by Reason Core Security