RegistryDR.exe

RegistryDR

EuroTrade A.L. Ltd

The application RegistryDR.exe by EuroTrade A.L has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program Registry Dr by EuroTrade A.L. Ltd which is a potentially unwanted software program. While running, it connects to the Internet address s1.7500.biz on port 80 using the HTTP protocol.
Publisher:
EuroTrade A.L. Ltd (signed and verified)

Product:
RegistryDR

Description:
Registry DR

Version:
2.3.4.0

MD5:
499dca925e3828188c290f94e8aa422a

SHA-1:
e8fa0f7611ddcb32d4b7b1780800b217f8c78bac

SHA-256:
e46d4ad43d407d7d1d4c8f7df5de74e26000bd87b4f8c0816f51af57bd8d3e73

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/7/2024 8:48:10 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Rebrand.LittleRegClean (variant) | 10.9433
Reason Heuristics | Win32.Generic | 16.2.8.6

File size:
10.3 MB (10,787,264 bytes)

Product version:
2.3.4.0

Copyright:
Copyright © 2013

Original file name:
RegistryDR.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\registry dr\registrydr.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/5/2013 2:00:00 AM

Valid to:
8/6/2014 1:59:59 AM

Subject:
CN=EuroTrade A.L. Ltd, O=EuroTrade A.L. Ltd, STREET=1 Aizik Shtern, L=Tel Aviv, S=Hamerkaz, PostalCode=62153, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0AF8A2B4830447FA278FC63B0CBD56A4

File PE Metadata
Compilation timestamp:
11/18/2013 5:42:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:F5b988E88KESg+6ZXApGMYyquWWg8K88Hyfu:wXApL6f

Entry address:
0x9EEB86

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E0, 9E, 00, 0C, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9.9 MB (10,406,912 bytes)

The file RegistryDR.exe has been discovered within the following program.

Registry Dr by EuroTrade A.L. Ltd
This is a potentially unwanted 'registry fixer' that is bundled with third-party download and install managers.
70% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s1.7500.biz (37.187.171.44:80)
