RegistryBot.EXE

The application RegistryBot.EXE, “RegistryBot Application” by C-NetMedia has been detected as adware by 3 anti-malware scanners.
Publisher:
C-NetMedia  (signed and verified)

Product:
RegistryBot

Description:
RegistryBot Application

Version:
2.7.2819.851

MD5:
1172cd27e81f5f6c21c33ad83f93347c

SHA-1:
2d241e7b1e85343904736d3990ece5cf85208dfb

SHA-256:
1d7fa8c79eb5559521e17362e026cb1de8f0d4619f782288e7bdee664b44b551

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/24/2024 4:01:35 PM UTC  (today)

Scan engine         Detection                                    Engine version
AVG                 SpySheriff.D                                 2015.0.3544
Prevx               Heuristic: Suspicious Browser Help Object    3.0.3
Reason Heuristics   PUP.CNetMedia.L                              14.11.21.23

File size:
2.1 MB (2,233,584 bytes)

Product version:
2.7.0.0

Copyright:
Copyright ©2007 C-NetMedia. All rights reserved.

Original file name:
RegistryBot.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\registrybot\registrybot.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/14/2006 2:00:00 AM

Valid to:
11/16/2007 1:59:59 AM

Subject:
CN=C-NetMedia, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=C-NetMedia, L=Mobile, S=Alabama, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38F51432ABAD3AA35011F824E0C565EC

File PE Metadata
Compilation timestamp:
9/13/2007 10:11:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:4s0a+D1UvoruyJAlBmdUCrD8dZolBGfwRyGU4x+Km62JlbNSgBOMfAuDR:4hD1Uv9yeBmv88RyrDpQml

Entry address:
0x39C0A

Entry point:
E8, C5, 05, 00, 00, E9, 35, FD, FF, FF, 6A, 10, 68, D0, C3, 44, 00, E8, 40, 03, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, 47, 03, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF, 75, E4, FF, 75, 0C, FF, 75, 08, E8, 01, 00, 00, 00, C3, 6A, 14, 68, F0, C3, 44, 00, E8, DB, 02, 00, 00, 83, 65, FC, 00, FF...
 
Entropy:
6.0864

Code size:
256 KB (262,144 bytes)
