RegistryDr.exe

RegistryDr

Eurotrade

The executable RegistryDr.exe has been detected as malware by 1 of 68 anti-virus scanners. It is installed as a scheduled task under the Windows Task Scheduler, with a logon trigger that runs it each time a user logs in.
Publisher:
Eurotrade  (signed and verified)

Product:
RegistryDr

Description:
Registry Dr

Version:
3.0.3.0

MD5:
1107a47f5383ceb6ac1c973011cd5b06

SHA-1:
e3d22e26977cf399acf85ab7903912bd3a94104d

SHA-256:
69321567bb96f4404bde1aa62162b4ec117b1d35f81ebab84a262f89fd1c38ce

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/8/2024 12:47:54 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.11.5.3

File size:
11.3 MB (11,851,928 bytes)

Product version:
3.0.3.0

Copyright:
Copyright © 2014

Original file name:
RegistryDr.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\registry dr\registrydr.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/28/2016 5:00:00 AM

Valid to:
3/29/2017 4:59:59 AM

Subject:
CN=Eurotrade, O=Eurotrade, STREET=1 Aizik Shtern, L=Tel Aviv, S=Hamerkaz, PostalCode=62153, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F5AE720FE7B9DA5037587E4A8FD10D9

File PE Metadata
Compilation timestamp:
3/28/2016 6:27:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:llmnzT9688K88K888k/cukUUAbMxoF1gVuTcCp6bwKsda8zv+Ap:rMbxolT56bwKsLvJ

Entry address:
0xAF29F6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 20, AF, 00, 0C, 00, 00, 00, F8, 39, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.7295

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
10.9 MB (11,471,360 bytes)

Scheduled Task
Task name:
RegistryDr_Start

Trigger:
Logon (Runs on logon)


Remove RegistryDr.exe - Powered by Reason Core Security