home

simpleregistrycleanersetup.exe

Simple Registry Cleaner

Vapc Lux Sarl

The application simpleregistrycleanersetup.exe, “Simple Registry Cleaner installer” by Vapc Lux Sarl has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Simple Registry Cleaner by SimpleStar. The file has been seen being downloaded from dl.reviversoft.com.
Publisher:
SimpleStar  (signed by Vapc Lux Sarl)

Product:
Simple Registry Cleaner

Description:
Simple Registry Cleaner installer

Version:
4.6.3.12

MD5:
3c98fa1594e2c67eebb90824ca11ab63

SHA-1:
163f313011fe5e98b4a402801105b377c0633d31

SHA-256:
aaf955141b6d4c489ec03b7da362b1dcb452211cf6c67f95489b51fb0795bed1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:28:59 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SimpleStar (L)
16.10.17.22

File size:
7.8 MB (8,160,368 bytes)

Product version:
4.6.3.12

Copyright:
Copyright (c) 2016 SimpleStar. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Program Files\simple registry cleaner\simpleregistrycleanersetup.exe

Digital Signature
Signed by:
Vapc Lux Sarl

Authority:
GlobalSign nv-sa

Valid from:
2/11/2016 3:11:14 PM

Valid to:
2/10/2017 3:57:32 PM

Subject:
E=Ludovic.trogliero@vapc.lu, CN=Vapc Lux Sarl, O=Vapc Lux Sarl, L=Luxembourg, C=LU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130BA28CC6DC89090DD3923776478D67D

File PE Metadata
Compilation timestamp:
4/10/2010 1:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:tg7VuCx77b9TZrCdOQdk3T9xFQ/VE1Qep/fxkGzyn7y:tg7VBx77RTZgPuT9xF1hBKGOe

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.9515

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file simpleregistrycleanersetup.exe has been discovered within the following program.

Simple Registry Cleaner  by SimpleStar
www.simplestar.com/support/simple-registry-cleaner
57% remove it
 
Powered by Should I Remove It?

The file simpleregistrycleanersetup.exe has been seen being distributed by the following URL.

http://dl.reviversoft.com/reviversoft/product_releases/.../SimpleRegistryCleanerSetup.exe

Remove simpleregistrycleanersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.