» 11.0.0.300-rminstall.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

11.0.0.300-rminstall.exe

PC Tools Registry Mechanic

PC Tools

The program is a setup application that uses the Inno Setup installer. This is installed with PC Tools Registry Mechanic 11.0. The file has been seen being downloaded from s10821.chomikuj.pl and multiple other hosts.

File name:

Publisher:

PC Tools (signed by PC Tools)

Product:

PC Tools Registry Mechanic

Description:

PC Tools Registry Mechanic Setup

Version:

11.0.0.300

MD5:

34b75e7f2dc906ad0198945f15bae49e

SHA-1:

e72bb98fd8ca3d524be22e2470814c1bac57d5cc

SHA-256:

797ee4a5c5c79b46e46cd5507a0e9a1ff1a4b542af15f6f7fdc78a1fd340fd93

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/15/2024 10:14:36 PM UTC (today)

File size:

13.4 MB (14,047,384 bytes)

Product version:

11.0

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\ProgramData\pc tools\downloadmanager\securitypackage\11.0.0.300-rminstall.exe

Digital Signature

Signed by:

PC Tools

Authority:

VeriSign, Inc.

Valid from:

7/9/2009 8:00:00 PM

Valid to:

8/15/2012 7:59:59 PM

Subject:

CN=PC Tools, OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PC Tools, L=Melbourne, S=Victoria, C=AU

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

42ABDC237D1BA31664BA4E7B05F23652

File PE Metadata

Compilation timestamp:

6/10/2010 10:33:52 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:TecPOYS83hti5u8Ef8oucKWXe23NkSpwchaGTxQFyBQR4OF+:qpWt4eEFSNkUhvTqHRXF+

Entry address:

0x163C4

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 54, 55, 41, 00, E8, 70, 04, FF, FF, 33, C0, 55, 68, 91, 6A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 4D, 6A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, A6, EF, FF, FF, E8, B1, EA, FF, FF, 8D, 55, EC, 33, C0, E8, FB, 87, FF, FF, 8B, 55, EC, B8, A8, D6, 41, 00, E8, A6, EA, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, A8, D6, 41, 00, B2, 01... 
[+]

Entropy:

7.9838

Developed / compiled with:

Microsoft Visual C++

Code size:

85 KB (87,040 bytes)

The file 11.0.0.300-rminstall.exe has been discovered within the following program.

PC Tools Registry Mechanic 11.0 by PC Tools Software

PC Tools Registry Mechanic is registry fixer utility whose purported purpose is to remove redundant items from the Windows registry.

www.pctools.com/en/registry-mechanic

22% remove it

The file 11.0.0.300-rminstall.exe has been seen being distributed by the following 2 URLs.

http://s10821.chomikuj.pl/File.aspx?e=cAmtEFCLYBUjLMHYerlJfdUOpwTzefRZHtCSPA-jcaUaVv72hh7Or4mmLhOzJkMrozutauKDCtfM3AOmOadFwAvuk3XK8WMbps_KdYOaFU5-G9wTWHxRtERiodP3-2K_PEOkyLwNrk76vUQ4aF_--w&pv=2

http://s10821.chomikuj.pl/File.aspx?e=cAmtEFCLYBUjLMHYerlJfdUOpwTzefRZHtCSPA-jcaX31pOJuo3t2xi4OAVmgPXXE12OcOAitxcjeYyXYI3SJR7Hc1Oj7rYsLY-2jmmS1uA64LK0SEzlRxzFJD2JcQoe3BgGTO6fpfYZ26yiqTTElw&pv=2

Scan 11.0.0.300-rminstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.