RegistryWinner.exe

Registry Winner

ALIKET SOFTWARE CO., LTD.

The application RegistryWinner.exe by ALIKET SOFTWARE CO. has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler. This file is typically installed with the program Registry Winner 5.6 by RegistryWinner.com.
Publisher:
RegistryWinner.com  (signed by ALIKET SOFTWARE CO., LTD.)

Product:
Registry Winner

Version:
5, 6, 11, 20

MD5:
70fd17eb9a0fc054f24c6a28fabc6a51

SHA-1:
0f3120fd9149b2f20875b33b50ae5083618cee6e

SHA-256:
637a68dc1729a50a32b67e5801c8293c05fffe5e80db57d5302e264f097d6d02

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:40:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.RegistryVictor | 7.1.1 |
| AVG | Aliket | 2017.0.2873 |
| Baidu Antivirus | Adware.Win32.RegistryVictor | 4.0.3.1615 |
| Comodo Security | UnclassifiedMalware | 5728 |
| Emsisoft Anti-Malware | Adware.Win32.RegistryVictor!A2 | 8.16.01.05.10 |
| ESET NOD32 | Win32/Adware.RegistryVictor (variant) | 10.5576 |
| K7 AntiVirus | Trojan.Win32.Malware.1 | 13.7.10.970 |
| Prevx | Low Risk Adware | 3.0 |
| Reason Heuristics | PUP.Optional.ALIKETSOFTWARECO.Task | 16.1.5.22 |
| Rising Antivirus | PE:Trojan.Win32.Generic.154DC85B!357419099 | 23.00.65.16103 |

File size:
7.3 MB (7,685,696 bytes)

Product version:
5, 6, 11, 20

Copyright:
Copyright (C) 2009 RegistryWinner.com. All Rights Reserved.

Trademarks:
Registry Winner

Original file name:
RegistryWinner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry winner\registrywinner.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/27/2008 3:00:00 AM

Valid to:
11/28/2010 2:59:59 AM

Subject:
CN="ALIKET SOFTWARE CO., LTD.", OU=Secure Application Development, O="ALIKET SOFTWARE CO., LTD.", L=BEIJING, S=BEIJING, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6C4B7FCD34A45D21B17CD1FC8F8559A8

File PE Metadata
Compilation timestamp:
11/20/2009 10:25:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:p9BZh6TicA509lir9n6Wy4KiEF84Y9KZojd:FZ5cg0eMB3F8/9K+d

Entry address:
0x1368A6

Entry point:
55, 8B, EC, 6A, FF, 68, 30, A7, 58, 00, 68, D8, 7A, 53, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, BC, A3, 57, 00, 33, D2, 8A, D4, 89, 15, B0, F0, 5C, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, AC, F0, 5C, 00, C1, E1, 08, 03, CA, 89, 0D, A8, F0, 5C, 00, C1, E8, 10, A3, A4, F0, 5C, 00, 6A, 01, E8, 8A, 56, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, 95, 53, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
6.2045

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
1.5 MB (1,544,192 bytes)

Scheduled Task
Task name:
Registry Winner Schedule

Trigger:
Weekly (Runs weekly on Saturdays at 8:00 PM)

Description:
Run Registry Winner at Scheduled Time.


The file RegistryWinner.exe has been discovered within the following program.

Registry Winner 5.6 by RegistryWinner.com
Registry Winner is a registry utility whose purported purpose is to remove redundant items from the Windows registry.
www.registrywinner.com
48% remove it