» aro.EXE
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

aro.EXE

Advanced Registry Optimizer

Sammsoft

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘AROReminder’. This file is installed with the program Advanced Registry Optimizer.

File name:

aro.EXE

Publisher:

Sammsoft (signed and verified)

Product:

Advanced Registry Optimizer

Version:

5.1.348.481

MD5:

1895416535b33de4189ae31da62333a1

SHA-1:

d08dddd4c9a4907df428fc08c5666737a66edede

SHA-256:

0bee8f72343fa9deff2020605f43ec42a57c33e08b1c1f70b7fac84c8a407e42

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 9:14:47 AM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.Sammsoft.Startup

188838

ESET NOD32

Win32/Systweak potentially unwanted application

7.0.302.0

File size:

2 MB (2,136,360 bytes)

Product version:

5.1.348.481

Trademarks:

Advanced Registry Optimizer, Registry Cleaner

Original file name:

aro.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\advanced registry optimizer\aro.exe

Digital Signature

Signed by:

Sammsoft

Authority:

The USERTRUST Network

Valid from:

9/18/2008 9:00:00 PM

Valid to:

9/19/2009 8:59:59 PM

Subject:

CN=Sammsoft, O=Sammsoft, STREET=23316 NE Redmond-Fall City Road, L=Redmond, S=WA, PostalCode=98053, C=US

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00CD9E940178C21B870BCB6F46371B3142

File PE Metadata

Compilation timestamp:

3/26/2008 6:08:26 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:RFpd2D3SxhvsKOs7V1GQtNHR0ZABV2ukYYrZjP3F5TzGxubGP:Rk3SxDOs7tK85gR5TicbGP

Entry address:

0x7A9A3

Entry point:

E8, 1C, 69, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, F4, B6, 5A, 00, 75, 02, F3, C3, E9, 9C, 69, 00, 00, 51, C7, 01, 1C, 03, 56, 00, E8, 94, 6A, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, 48, DA, FD, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, D9, 6A, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 1C, 31, 00, 00, 6A, 16, 5E, 89, 30, 57... 
[+]

Code size:

1.3 MB (1,415,168 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

AROReminder

Command:

C:\Program Files\advanced registry optimizer\aro.exe -rem

The file aro.EXE has been discovered within the following program.

Advanced Registry Optimizer by Sammsoft

Advanced Registry Optimizer is registry cleaner/fixer utility whose purported purpose is to remove redundant items from the Windows registry.

go.sammsoft.com?linkid=100162

56% remove it

Scan aro.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.