regcureprosetup.exe

Paretologic Inc.

The application regcureprosetup.exe, "RegCure Pro Installer" by ParetoLogic, has been detected as a potentially unwanted program (PUP) by 1 of 68 anti-malware scanners. The single detection is a heuristic signature for an installer that may bundle optional software (see the scanner table below), so it is an indication of potentially unwanted behaviour rather than a confirmed malware verdict. The program is a setup executable built with the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed alongside the program Verzoek of wijziging voorlopige aanslag 2014 by Belastingdienst. The file has been seen being downloaded from RevenueWire's affiliate distribution platform perseo.paretologic.revenuewire.net and multiple other hosts.
Publisher:
ParetoLogic, Inc.  (signed by Paretologic Inc.)

Description:
RegCure Pro Installer

Version:
3.1.7.0

MD5:
44294b2e8256a473dc6ae0ef980ebc81

SHA-1:
7cfc818657ef3985e1eba71eb6392e4d909ee535

SHA-256:
cc61a7b7187fde1c6b9cf3ebf9a678cf10b9bc599075d7c8d22c7ad6aab523db

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
9/26/2017 4:50:52 AM UTC

Scan engine         Detection                                      Engine version
Reason Heuristics   PUP.ParetoLogic.Optional.Installer.Meta (L)    16.2.11.23

File size:
5.7 MB (5,938,856 bytes)

Copyright:
Copyright © 2013 ParetoLogic, Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\regcureprosetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/25/2013 3:53:32 PM

Valid to:
2/26/2015 3:53:32 PM

Subject:
CN=Paretologic Inc., OU=Paretologic Inc., O=Paretologic Inc., L=Victoria, S=British Columbia, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F9945D68B6DFDD557292B63C5A3015E1

File PE Metadata
Compilation timestamp:
2/24/2012 1:19:59 PM (predates the code-signing certificate's validity period; NSIS installers are built on a prebuilt installer stub, so this timestamp reflects the stub's build date, not when this package was assembled or signed)

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:Bk2cxLqDBdDj6Tsp+uTDyxpP0mDKGbFxjRxZZ8jcz8TTH+dFk/PnsgYnFkJdYanc:8xLkLvksp+u6pP0OBHjRZ+5PH+M/EjnV

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Entropy:
7.9980

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)
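As an added example (editor-supplied, not code from this page or from ParetoLogic), the following Python script checks a local file against the hashes listed above, computes the Shannon entropy the report quotes, and parses the PE header fields shown in this section (compilation timestamp, entry address, linker and OS version, subsystem, code size). It also flags a compilation timestamp that falls outside the certificate validity window, with the NSIS stub caveat noted in a comment. The certificate times are assumed to be UTC, and `build_sample_header()` is a constructed header carrying the report's values so the script runs offline without the real installer.

```python
"""Added example: check a local file against the indicators in this report and
recover the PE header fields the report lists, using only the standard library.
Editor-supplied code; not part of the original page or any ParetoLogic tool."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Hashes copied from the report above.
IOC_HASHES = {
    "md5": "44294b2e8256a473dc6ae0ef980ebc81",
    "sha1": "7cfc818657ef3985e1eba71eb6392e4d909ee535",
    "sha256": "cc61a7b7187fde1c6b9cf3ebf9a678cf10b9bc599075d7c8d22c7ad6aab523db",
}
# Code-signing certificate validity from the report; the report gives no time
# zone for these values, so UTC is assumed here.
CERT_NOT_BEFORE = datetime(2013, 2, 25, 15, 53, 32, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2015, 2, 26, 15, 53, 32, tzinfo=timezone.utc)

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def hash_matches(data: bytes) -> dict:
    """Compare every listed hash against the given bytes; returns {algo: matched}."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() == expected
            for algo, expected in IOC_HASHES.items()}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8). A value near 8, like the 7.998
    in the report, is typical of an NSIS installer whose payload is compressed."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Minimal PE32 header walk: MZ -> e_lfanew -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _optsize, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "compiled_at": datetime.fromtimestamp(timestamp, timezone.utc),
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
    }


def timestamp_outside_cert_window(compiled_at: datetime) -> bool:
    """True when the PE timestamp lies outside the signing certificate's validity.
    Treat this as a prompt to look closer, not as proof of tampering: NSIS
    installers are built on a prebuilt stub, so the timestamp is the stub's build
    date rather than when this package was assembled or signed."""
    return not (CERT_NOT_BEFORE <= compiled_at <= CERT_NOT_AFTER)


def build_sample_header() -> bytes:
    """Constructed test input: a bare PE32 header carrying the values the report
    lists. It is not the real installer, just enough for the parser to run offline."""
    hdr = bytearray(0x40 + 4 + 20 + 96)          # MZ stub, "PE\0\0", COFF, optional header
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    coff = 0x44
    ts = int(datetime(2012, 2, 24, 13, 19, 59, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", hdr, coff, 0x14C, 0, ts, 0, 0, 96, 0x0102)  # i386; section count arbitrary
    opt = coff + 20
    struct.pack_into("<HBBI", hdr, opt, 0x10B, 10, 0, 28672)   # PE32, linker 10.0, 28 KB code
    struct.pack_into("<I", hdr, opt + 16, 0x39E3)              # entry address from the report
    struct.pack_into("<HH", hdr, opt + 40, 5, 0)               # OS version 5.0
    struct.pack_into("<H", hdr, opt + 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(hdr)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    info = parse_pe_header(data)
    print("hash match:", hash_matches(data))
    print("entropy: %.4f" % shannon_entropy(data))
    for key, value in info.items():
        print(f"{key}: {value}")
    print("timestamp outside cert validity:", timestamp_outside_cert_window(info["compiled_at"]))
```

Run it with the path of a downloaded regcureprosetup.exe as the first argument; all three hashes must match before the rest of the report's metadata can be assumed to describe that copy. Without an argument it runs on the constructed header and, as expected, reports no hash match and a timestamp outside the certificate window.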

The file regcureprosetup.exe has been discovered within the following program.

Verzoek of wijziging voorlopige aanslag 2014 by Belastingdienst (about 6% of users remove it)

The file regcureprosetup.exe has been seen being distributed from download URLs including the following.

http://perseo.paretologic.revenuewire.net/.../download?281759

http://adwaresupport.com/recommends/.../m.php

http://www.exe-error-advisor.com/repairtool.php

http://error-fix.com/recommends/.../m.php

http://s6523.chomikuj.pl/File.aspx?e=vL3t_FvGHVN5iX1SifyJa99ukTzg7af0JD-d3RGFJ1vt-_fLuiHzErtf8YbK87d5TGUb8NishgnPmcstYpbf4l8YA_sNej4V2ozCkyPe29kdSs2iTySmyzmaotnJKbUlDsVFs0MQG2NkPjWbuGwkMA&pv=2

The URLs above are a subset of the 120 download URLs recorded for this file.
