home

registrycleanerpro.exe

oTweak Software LLC

The application registrycleanerpro.exe by oTweak Software has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from downloads.otweak.com and multiple other hosts.
Publisher:
oTweak Software LLC  (signed and verified)

MD5:
30d1d13365f14f71079c8287b7d86f7f

SHA-1:
642b424fa090b91792776e7307f1e325eb36e436

SHA-256:
5a6c0753054a9066815f892c56972a516ffcb9094e0f9ef2e4226496cd7964a2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 11:29:04 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
riskware program Program.Unwanted.523, is riskware program Program.Unwanted.257
9.0.1.05190

NANO AntiVirus
Riskware.Nsis.Unwanted.dqaczj
0.30.24.2086

Reason Heuristics
PUP.oTweak.Optional.Installer.Meta (L)
15.12.1.12

File size:
2.3 MB (2,392,160 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\registrycleanerpro.exe

Digital Signature
Signed by:
oTweak Software LLC

Authority:
thawte, Inc.

Valid from:
3/4/2015 6:00:00 PM

Valid to:
3/4/2017 5:59:59 PM

Subject:
CN=oTweak Software LLC, O=oTweak Software LLC, L=Rostov-Na-Donu, S=Rostovskaya obl., C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BA315B89D1AF7C2CB153F29392B2B78

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:liaLfWD1oWB7TCUI+WpyWl3iP1NZwkUoXuFVlyJRY9z8fnl1mY:kaL+D1oWBTI+4y2k0qurlyK633

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file registrycleanerpro.exe has been seen being distributed by the following 2 URLs.

http://downloads.otweak.com/rcp/.../RegistryCleanerPro.exe

http://downloads.otweak.net/rcp/.../RegistryCleanerPro.exe

Remove registrycleanerpro.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.