registryrepair_rr28.exe

3B Software

The executable registryrepair_rr28.exe, “Windows Registry Repair Pro Setup”, has been detected as malware by 6 anti-virus scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
3B Software, Inc. (signed by 3B Software)

Description:
Windows Registry Repair Pro Setup

MD5:
2dbca40596f0f1c5caa083f0838aeeaf

SHA-1:
41ed0143c5ae05a27b94213f09f05679a81ddf59

SHA-256:
9d115bedeb9b16e527eb0829b6715b6866e04aa78ea6b880ff7db8aa2a1b4a99

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
5/11/2024 1:26:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Comodo Security | Heur.Suspicious | 19156 |
| Dr.Web | infected with Trojan.PWS.Siggen1.27418 | 9.0.1.05190 |
| Kaspersky | Trojan.Win32.Agent | 15.0.0.494 |
| McAfee | Trojan.Artemis!2DBCA40596F0 | 16.8.708.2 |
| NANO AntiVirus | Trojan.Win32.Agent.dbaoww | 0.28.2.61349 |
| Norman | Agent.BCWJE | 11.20140811 |

File size:
1.2 MB (1,228,864 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/20/2004 11:12:24 PM

Valid to:
9/20/2006 11:12:24 PM

Subject:
L=DeSoto, S=Texas, C=US, OU=Secure Application Development, O=3B Software, CN=3B Software

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
207359

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:qM6UKxT1JNNm3mmeAe7C4U3vcrvxJslKg/manLykd9DEhPjs7Lmjb+t:n6UKxTlNm2mwU30zbsp/LLZd9b7amt

Entry address:
0x9264

Entry point:
55, 8B, EC, 83, C4, B8, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, BC, 89, 45, B8, E8, 5F, 9E, FF, FF, E8, 8A, B0, FF, FF, E8, E9, D2, FF, FF, E8, 30, D3, FF, FF, E8, 07, F6, FF, FF, BE, CC, BD, 40, 00, 33, C0, 55, 68, 14, 99, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, 98, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, EC, FE, FF, FF, E8, 9F, F9, FF, FF, 8D, 55, F0, 33, C0, E8, 41, D6, FF, FF, 8B, 55, F0, B8, C0, BD, 40, 00, E8, 10, 9F, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, C0, BD, 40, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
34.5 KB (35,328 bytes)
