smartregistrycleanerservice.exe

Registry Mum

Beijing WeiSiTianYu software development services center

It runs as a separate Windows service (within the context of its own process) named “SmartRegistryCleaner Service”.
Publisher:
Weskysoft Inc.  (signed by Beijing WeiSiTianYu software development services center)

Product:
Registry Mum

Version:
1.0.0.42

MD5:
00235c42345ec428f87e409a3b59fb4c

SHA-1:
e87ab1c40c033961f15cefbe105484a4f12af3f4

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/25/2024 5:50:04 AM UTC  (today)

Scan engine              Detection                  Engine version
AVG                      Skodna.SecurityTool.7eb    2016.0.2978
Trend Micro House Call   Suspicious_GEN.F47V1203    7.2.265

File size:
1.5 MB (1,556,464 bytes)

Product version:
1.0

Original file name:
RegistryMumService.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Program Files\smart registry cleaner\smartregistrycleanerservice.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/8/2011 5:00:00 AM

Valid to:
3/8/2012 4:59:59 AM

Subject:
CN=Beijing WeiSiTianYu software development services center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing WeiSiTianYu software development services center, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DED01C5B93F0A71E9715C373D1EF44F

File PE Metadata
Compilation timestamp:
8/5/2011 2:18:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:AER4iodjzK6UYNNuwtrpieLBkSYJgZDOJRL/RmjnTW1vuNgmRa6UFXTGOIFL2:QiAUYN8CreS7xOJRLcDTWia64TGOIFL2

Entry address:
0x139118

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, C0, 17, 53, 00, E8, 0F, 25, ED, FF, A1, B0, 07, 54, 00, 8B, 00, 8B, 10, FF, 52, 38, 8B, 0D, DC, 09, 54, 00, A1, B0, 07, 54, 00, 8B, 00, 8B, 15, 00, F4, 52, 00, 8B, 18, FF, 53, 34, A1, B0, 07, 54, 00, 8B, 00, 8B, 10, FF, 52, 3C, 5B, E8, E5, D6, EC, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5451

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,276,928 bytes)

Service
Display name:
SmartRegistryCleaner Service

Service name:
RegMumService

Type:
Win32OwnProcess

