home

callregcheck.exe

Unistal Systems Pvt. Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘UBSuiteRTS_reg’.
Publisher:
Unistal Systems Pvt. Ltd.  (signed and verified)

MD5:
6b89024da33467a812caa4df5412df10

SHA-1:
cdd321354f2a39af80682a69f379c0decec9a978

SHA-256:
d8b6b23cc7e2cb412965a88ddaef0746d24b369c580aa9eafc81a1f1f43ee67d

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 7:42:36 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Laneul
1.3.0.4246

File size:
52 KB (53,216 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Unistal Systems Pvt. Ltd.

Authority:
Thawte, Inc.

Valid from:
2/27/2011 5:30:00 AM

Valid to:
3/2/2013 5:29:59 AM

Subject:
CN=Unistal Systems Pvt. Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Unistal Systems Pvt. Ltd., L=New Delhi, S=Delhi, C=IN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0340764C13DEFF9C984075CE4BCFC4A6

File PE Metadata
Compilation timestamp:
3/28/2007 5:23:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:qk/kyj4nXfGv8+OqA5xqvmADZrPLL+T2c0IEtvcEYZ:q44n+v8J5x0NrPWT2ntvg

Entry address:
0x151A

Entry point:
E8, 27, 18, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, AE, 40, 00, 89, 0D, D4, AE, 40, 00, 89, 15, D0, AE, 40, 00, 89, 1D, CC, AE, 40, 00, 89, 35, C8, AE, 40, 00, 89, 3D, C4, AE, 40, 00, 66, 8C, 15, F0, AE, 40, 00, 66, 8C, 0D, E4, AE, 40, 00, 66, 8C, 1D, C0, AE, 40, 00, 66, 8C, 05, BC, AE, 40, 00, 66, 8C, 25, B8, AE, 40, 00, 66, 8C, 2D, B4, AE, 40, 00, 9C, 8F, 05, E8, AE, 40, 00, 8B, 45, 00, A3, DC, AE, 40, 00, 8B, 45, 04, A3, E0, AE, 40, 00, 8D, 45, 08, A3, EC, AE, 40, 00, 8B...
 
[+]

Entropy:
5.8881

Code size:
28 KB (28,672 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UBSuiteRTS_reg

Command:
C:\unistal\ubsuite\common files\callregcheck.exe


Scan callregcheck.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.