registrykituninstaller.exe

TurboSoft Systems LTD

The application registrykituninstaller.exe by TurboSoft Systems has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
TurboSoft Systems LTD  (signed and verified)

MD5:
98106fc924e66b6db1b94f285deae247

SHA-1:
5647e7d9f20ba03b69bb2cca3d3b18a83b3e8c8d

SHA-256:
5821ac2eadddd04f88b4669ed0ec5a0587fc5a402fad1aba6bccdd42d5d373d7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/1/2024 2:02:24 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.TurboSoft (M) | 16.3.9.12
Rising Antivirus | PE:AdWare.Win32.InstallCore.i!1075350952 | 23.00.65.15101

File size:
305.4 KB (312,680 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\registry kit\registrykituninstaller.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/29/2011 4:00:00 PM

Valid to:
12/29/2014 3:59:59 PM

Subject:
CN=TurboSoft Systems LTD, O=TurboSoft Systems LTD, STREET=Sheung Wan, L=Hongkong, S=Hongkong, PostalCode=HK, C=HK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
11DB00D39EB860959841085CBE441CCA

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:TxuL0egb7IeeUeRuF+43rGjKzYLEnFmvEptk02WNN4G3FFFzwE:wQeOkeFrG+0LEnJtk0BNN4WmE

Entry address:
0xD1010

Entry point:
60, BE, 00, B0, 48, 00, 8D, BE, 00, 60, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.8856

Packer / compiler:
UPX 2.90LZMA

Code size:
284 KB (290,816 bytes)
