little_registry_optimizer_05_09_2011.exe

Little Registry Optimizer

Nicholas Hamnett

The application little_registry_optimizer_05_09_2011.exe, “Open source registry optimizer” by Nicholas Hamnett, has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from getlittleapps.com.
Publisher:
Little Apps  (signed by Nicholas Hamnett)

Product:
Little Registry Optimizer

Description:
Open source registry optimizer

Version:
1.0.0.0

MD5:
2b16eafaecffc2ef2a0b4b4593c44306

SHA-1:
8eaaa07e3713d93a9b900303ee669ff4d265b647

SHA-256:
24eb7d1cfc55cfe7d8e977a0c06e226e5e82315fc35b365f102f93774e41cfe9

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/5/2024 10:55:03 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Trojan.Generic.11672330
853

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.174.236

avast!
NSIS:OutBrowse-D [PUP]
2014.9-141004

Bitdefender
Dropped:Trojan.Generic.11672330
1.0.20.1385

Dr.Web
Trojan.Packed.28636
9.0.1.0277

Emsisoft Anti-Malware
Dropped:Trojan.Generic.11672330
8.14.10.04.09

ESET NOD32
Win32/OutBrowse.AJ (variant)
8.10472

F-Secure
Dropped:Trojan.Generic.11672330
11.2014-04-10_7

G Data
Dropped:Trojan.Generic.11672330
14.10.24

MicroWorld eScan
Dropped:Trojan.Generic.11672330
15.0.0.831

NANO AntiVirus
Trojan.Win32.OutBrowse.deinil
0.28.2.62286

Trend Micro House Call
Suspici.12797D5E
7.2.277

File size:
2.8 MB (2,893,240 bytes)

Copyright:
Copyright © Little Apps 2008-2011

Trademarks:
Little Apps are licensed under the GNU General Public License v3

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\_chrome downloads\little_registry_optimizer_05_09_2011.exe

Digital Signature
Authority:
StartCom Ltd.

Valid from:
4/11/2014 2:07:27 AM

Valid to:
4/10/2016 6:06:36 AM

Subject:
E=nick@little-apps.org, CN=Nicholas Hamnett, L=Calgary, S=Alberta, C=CA, Description=9k6ekwkCO7QG1GnN

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0E0C

File PE Metadata
Compilation timestamp:
4/10/2010 8:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:bnma8hCoeyUsBRfZzcRSIlYU90ezzQVA17pVLSSht9s50in3auomWGyNvnwFr:bm1CovUstcRP90Qz/S+y3LomW/Pa

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Entropy:
7.9965

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file little_registry_optimizer_05_09_2011.exe has been seen being distributed by the following URL.
