home

registryeasy.exe

Qiwang Computer

The application registryeasy.exe by Qiwang Computer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Qiwang Computer  (signed and verified)

MD5:
c98d58b280d29b280e803235451922ff

SHA-1:
c1b4820811bce74bd51f11fa9a0d5319f5fc3be0

SHA-256:
3a0dc864377e19d6724262c65139cc65a41de63499e42b628d35943a805b7d9a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/24/2024 4:46:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.QiwangComputer (M)
16.2.14.4

File size:
3.1 MB (3,208,184 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Qiwang Computer

Authority:
VeriSign, Inc.

Valid from:
6/16/2008 7:00:00 AM

Valid to:
6/14/2011 6:59:59 AM

Subject:
CN=Qiwang Computer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Qiwang Computer, L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
19E46BDB66FF71931FE43DB54F76BE4F

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:Y7zs0oUvIFvqjvC8gMVIOUQ4V95PeQ4y0H:iTgojs1VPmJD

Entry address:
0x9A58

Entropy:
7.9179  (probably packed)

Code size:
36.5 KB (37,376 bytes)

Remove registryeasy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.