RegistryTool.EXE

RegistryTool Application

Pc Utility Inc.

The application RegistryTool.EXE by Pc Utility has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
PC Utility, Inc. (signed by Pc Utility Inc.)

Product:
RegistryTool Application

Description:
RegistryTool

Version:
2.8.4053.764

MD5:
6e44b827fc6fb6e3edb40ca6d475906a

SHA-1:
fb8a805a261c945a92a6264f1002d83e5ffa88f0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:42:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.PcUtility.Meta

Engine version:
15.6.29.19

File size:
36.6 MB (38,413,640 bytes)

Product version:
2.8.0.0

Copyright:
Copyright ©2011 PC Utility, Inc.. All rights reserved.

Original file name:
RegistryTool.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registrytool\registrytool.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/22/2010 2:00:00 AM

Valid to:
11/14/2011 1:59:59 AM

Subject:
CN="Pc Utility Inc. ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Pc Utility Inc. ", L=Ocean Springs, S=Mississippi, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AD20CDDB887F15DA2951F79198F8DF7

File PE Metadata
Compilation timestamp:
1/27/2011 8:46:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:y8kyJJu+YAjt9T+lO+ITGxX2tLOd4iuyzN31h3aaEMg5ij:ycrum9YONXt84iuo5aaEMRj

Entry address:
0x1EC3E1

Entry point:
E8, 29, B7, 00, 00, E9, 17, FE, FF, FF, 8B, 4C, 24, 04, 53, 56, 57, 33, FF, 3B, CF, 74, 08, 8B, 5C, 24, 14, 3B, DF, 77, 1B, E8, D5, 4C, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 18, 0A, 00, 00, 83, C4, 14, 8B, C6, EB, 38, 8B, 74, 24, 18, 3B, F7, 75, 05, 66, 89, 39, EB, D8, 8B, D1, 0F, B7, 06, 66, 89, 02, 42, 42, 46, 46, 66, 3B, C7, 74, 03, 4B, 75, EE, 3B, DF, 75, 11, 66, 89, 39, E8, 92, 4C, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, B9, 33, C0, 5F, 5E, 5B, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00...
 

Code size:
2.3 MB (2,449,408 bytes)

Scheduled Task
Task name:
RegistryTool Scan

Path:
C:\WINDOWS\Tasks\RegistryTool Scan.job

Trigger:
Weekly (Runs weekly on Saturdays at 12:00)

Description:
Runs RegistryTool to scan your computer for registry problems.

