RegistryWinner.exe

Registry Winner

ALIKET SOFTWARE CO., LTD.

The application RegistryWinner.exe by ALIKET SOFTWARE CO. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler. This file is typically installed with the program Registry Winner 5.6 by RegistryWinner.com.
Publisher:
RegistryWinner.com  (signed by ALIKET SOFTWARE CO., LTD.)

Product:
Registry Winner

Version:
5, 7, 3, 10

MD5:
175f5c2bba8132886f58032fab39b275

SHA-1:
3ab31cc32f412cd58216008163e1b82284b8a1e3

SHA-256:
6518522b8c526003dd02af86e0c22adc1e13602d49fcced2e5639751ce870ee8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/12/2024 6:30:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.ALIKETSO.Task

Engine version:
16.12.2.15

File size:
7.3 MB (7,689,792 bytes)

Product version:
5, 7, 3, 10

Copyright:
Copyright (C) 2010 RegistryWinner.com. All Rights Reserved.

Trademarks:
Registry Winner

Original file name:
RegistryWinner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wincmd 32\aplikace\registry winner\registrywinner.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/27/2008 1:00:00 AM

Valid to:
11/28/2010 12:59:59 AM

Subject:
CN="ALIKET SOFTWARE CO., LTD.", OU=Secure Application Development, O="ALIKET SOFTWARE CO., LTD.", L=BEIJING, S=BEIJING, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6C4B7FCD34A45D21B17CD1FC8F8559A8

File PE Metadata
Compilation timestamp:
3/11/2010 3:01:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:jD2/a/b3hWFJ3Blir9n6Wy4KiEF84Y9KZo5b:PjbRFMB3F8/9Kob

Entry address:
0x136EA6

Entry point:
55, 8B, EC, 6A, FF, 68, 30, B7, 58, 00, 68, D8, 80, 53, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, BC, B3, 57, 00, 33, D2, 8A, D4, 89, 15, 44, 01, 5D, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 40, 01, 5D, 00, C1, E1, 08, 03, CA, 89, 0D, 3C, 01, 5D, 00, C1, E8, 10, A3, 38, 01, 5D, 00, 6A, 01, E8, C8, 56, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, D3, 53, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
1.5 MB (1,548,288 bytes)

Scheduled Task
Task name:
Registry Winner Schedule

Trigger:
Weekly (Runs weekly on Saturdays at 20:00)

Description:
Run Registry Winner at Scheduled Time.


The file RegistryWinner.exe has been discovered within the following program.

Registry Winner 5.6  by RegistryWinner.com
Registry Winner is a registry utility whose purported purpose is to remove redundant items from the Windows registry.
www.registrywinner.com
48% remove it
 