little_registry_cleaner_07_07_2013.exe

Little Registry Cleaner

Nicholas Hamnett

The application little_registry_cleaner_07_07_2013.exe, “Open source registry cleaner” by Nicholas Hamnett, has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions and PC utilities, as well as other PUPs. The file has been seen being downloaded from downloads.sourceforge.net.
Publisher:
Little Apps  (signed by Nicholas Hamnett)

Product:
Little Registry Cleaner

Description:
Open source registry cleaner

Version:
1.6.0

MD5:
dac4d0e2ea9b60caad8dad00d231b4ba

SHA-1:
f15721128c9b0e6b2b3721f980f2794d16a80bc3

SHA-256:
69a7d7e2d7c3deb663abf60273e70b35f42920401cd754b6bce4a7cb67ebdac0

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/5/2024 7:40:50 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Generic.11672330 | 862
Agnitum Outpost | PUA.OutBrowse | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.177.52
avast! | NSIS:OutBrowse-D [PUP] | 2014.9-140926
AVG | Trojan horse Generic11_c | 2015.0.3267
Dr.Web | infected with Trojan.Packed.28636 | 9.0.1.0269
ESET NOD32 | Win32/OutBrowse.AJ potentially unwanted application | 8.7.0.302.0
F-Secure | Dropped:Trojan.Generic.11672330 | 11.2014-26-09_6
K7 AntiVirus | Trojan | 13.183.13611
Malwarebytes | PUP.Optional.OutBrowse | v2014.12.08.12
McAfee | Artemis!05C3A4CFAB03 | 5600.6996
MicroWorld eScan | Dropped:Trojan.Generic.11672330 | 15.0.0.807
NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.28.2.62483
Panda Antivirus | Trj/Chgt.G | 14.09.26.10
Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015
Reason Heuristics | PUP.Optional.NicholasHamnett.c | 14.10.1.11
Sophos | Generic PUA ON | 4.98
Trend Micro House Call | Suspici.12797D5E | 7.2.269
Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 33706

File size:
6 MB (6,314,520 bytes)

Copyright:
Copyright © Little Apps 2008

Trademarks:
Little Apps are licensed under the GNU General Public License v3

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\little_registry_cleaner_07_07_2013.exe

Digital Signature
Authority:
StartCom Ltd.

Valid from:
4/11/2014 8:07:27 AM

Valid to:
4/10/2016 12:06:36 PM

Subject:
E=nick@little-apps.org, CN=Nicholas Hamnett, L=Calgary, S=Alberta, C=CA, Description=9k6ekwkCO7QG1GnN

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0E0C

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:9g2T8QIRyW+oq+rCL361ZLWbgo2PAiGYL:9KRRyW+ohrCDrEoxIL

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file little_registry_cleaner_07_07_2013.exe has been seen being distributed by the following URL.
