RegistryOptimizer.exe

Knots.Performance.RegistryCompactor

Covus Freemium GmbH

The application RegistryOptimizer.exe by Covus Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer.
Publisher:
Microsoft  (signed by Covus Freemium GmbH)

Product:
Knots.Performance.RegistryCompactor

Version:
1.1.3.0

MD5:
78cfbf98329a054e07ede693f5285a2d

SHA-1:
1b7cc5f85d7e5e47146f790a281f1e4a8d2d26b1

SHA-256:
770c9bac87e8324e01a600a0d237b93cd2d58d7926f874c1965fd137018190c0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit, and Search Protect (ClientConnect).

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 12:44:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus (M)
17.3.12.1

File size:
739.9 KB (757,616 bytes)

Product version:
1.1.3.0

Copyright:
Copyright © Microsoft 2012

Original file name:
RegistryOptimizer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
Language Neutral

Common path:
C:\Program Files\covus freemium\free system utilities\registryoptimizer.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/28/2013 10:21:57 AM

Valid to:
1/29/2015 10:21:57 AM

Subject:
CN=Covus Freemium GmbH, O=Covus Freemium GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DBCB8A07ED407612FC406EFD259BE29

File PE Metadata
Compilation timestamp:
11/28/2013 6:19:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xB4BC0

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 30, 45, 00, 80, 10, 00, 00, 00, AA, 45, 00, 80, 18, 00, 00, 00, 66, 49, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
715 KB (732,160 bytes)

Remove RegistryOptimizer.exe - Powered by Reason Core Security