LenovoReg.exe

PowerReg

Leader Technologies Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Lenovo Registration’.

Publisher:
Lenovo, Inc.  (signed by Leader Technologies Inc)

Product:
PowerReg

Description:
Lenovo Registration

Version:
1.0.4

MD5:
00c904fccbd196a820521e6a74c63eb2

SHA-1:
d11c755c84acf08fe1d004994280da32895ed00e

SHA-256:
c0e070d31ddd027b924524bb26317d30ac578577d5284e3017b79027385bdfae

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 8:26:39 PM UTC

Scan engine:
F-Prot

Detection:
W32/Virut.AI!Generic

Engine version:
4.6.5.141

File size:
4.2 MB (4,351,712 bytes)

Product version:
1.0.4

Copyright:
Copyright (C) 2011

Original file name:
LenovoReg.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lenovo registration\lenovoreg.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/17/2009 4:18:19 AM

Valid to:
7/9/2012 4:07:05 AM

Subject:
CN=Leader Technologies Inc, OU=Secure Application Development, O=Leader Technologies Inc, L=Albuquerque, S=New Mexico, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
406C28C26793D8B06A7F0651A73C7B78

File PE Metadata
Compilation timestamp:
7/14/2011 5:22:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:NX4KHtoIXJmJSXVyk+4Axsb4LgO9TGxFOlBH1IIUX20iv8ND6hRPn2:NX4qtiAC9TIIBVIVND6hR

Entry address:
0x22477B

Entry point:
E8, A6, FA, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 00, A4, 76, 00, 75, 02, F3, C3, E9, 2D, FB, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 95, FC, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, 88, CC, 6D, 00, E8, 11, FC, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 1A, BD, E5, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, E5, FD, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, E8, 34, FD, 00, 00, 59, C3, 8B, FF, 55, 8B...
 

Entropy:
6.5634

Code size:
2.6 MB (2,770,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Lenovo Registration

Command:
C:\Program Files\lenovo registration\lenovoreg.exe \boot

