» RegistryTurboSupport.exe
Overview
Analysis
File Details

RegistryTurboSupport.exe

TurboSoft Systems LTD

The application RegistryTurboSupport.exe by TurboSoft Systems has been detected as a potentially unwanted program by 2 anti-malware scanners.

File name:

Publisher:

RegistryTurbo (signed by TurboSoft Systems LTD)

Product:

RegistryTurboSupport.exe

Version:

1.00

MD5:

5d49bd49322b420e03671d4da68544ad

SHA-1:

cd9f3d86f2adeb98070650cade91d617a9cf0d72

SHA-256:

107882167bd63f802143f0be80c1fd2bdebfd98f85d8e4d2a6e9626a3b872c94

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

5/1/2024 2:36:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.TurboSoft (M)

16.3.9.12

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48

23.00.65.15108

File size:

123.1 KB (126,080 bytes)

Product version:

1.00

Original file name:

RegistryTurboSupport.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\registry turbo\registryturbosupport.exe

Digital Signature

Signed by:

TurboSoft Systems LTD

Authority:

COMODO CA Limited

Valid from:

12/29/2011 7:00:00 PM

Valid to:

12/29/2014 6:59:59 PM

Subject:

CN=TurboSoft Systems LTD, O=TurboSoft Systems LTD, STREET=Sheung Wan, L=Hongkong, S=Hongkong, PostalCode=HK, C=HK

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

11DB00D39EB860959841085CBE441CCA

File PE Metadata

Compilation timestamp:

11/13/2010 7:28:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:aO0+Kv2KLW4fSOU2wiKn5c2R4QNyOcVWpiGCrVLNKv29JehnH:ivA4fSJ2KK44Q4y6rSvZH

Entry address:

0x1664

Entry point:

68, 5C, F4, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, F9, CB, 13, EB, 17, 96, FF, 42, AB, BC, 4C, 61, F4, B6, FC, 2B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, B7, 00, 00, 00, 52, 65, 73, 74, 61, 72, 74, 41, 70, 70, 6C, 69, 63, 61, 74, 69, 6F, 6E, 00, 20, 50, 61, 64, 61, 00, 00, 00, 00, FF, CC, 31, 00, 0B, EC, 15, 56, B5, E0, F3, B9, 49, B2, 44, A3, F2, 61, 7E, 7A, E1, 21, A1, 00, 61, 99, 9B, AC, 48, B1, 75, 2F, 5B, A7, 9A, 7E, 62, 3A, 4F, AD... 
[+]

Entropy:

6.3562

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

80 KB (81,920 bytes)

Remove RegistryTurboSupport.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.