regorganizer.exe

Reg Organizer

Konstantin Polyakov

Publisher:
ChemTable Software  (signed by Konstantin Polyakov)

Product:
Reg Organizer

Version:
5.0.0.0

MD5:
dd41219838baa28b54641af1991a89b1

SHA-1:
8ae1fcfdbfdf51ed6e8ba7db2b89a27bc44adeb8

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/24/2024 1:57:10 AM UTC

Scan engine:
Trend Micro House Call

Detection:
WORM_BAGLE.BMH

Engine version:
7.2.53

File size:
2.8 MB (2,909,376 bytes)

Product version:
5.0

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\reg organizer\regorganizer.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
6/23/2009 3:00:00 AM

Valid to:
6/24/2010 2:59:59 AM

Subject:
CN=Konstantin Polyakov, O=Konstantin Polyakov, STREET="Mira str., 36-18", L=Ekaterinburg, S=N/A, PostalCode=620078, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00975D70435BCFE7E20AC00DD74BA0CB32

File PE Metadata
Compilation timestamp:
12/16/2009 9:10:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:JeaB7w0Z/aGwjdk8x3cSvAM4E56I/My/4F6SK27:Euw0Z/aldVx3cSvAMJFMu4F6t27

Entry address:
0x1000

Entry point:
68, 01, F0, 9D, 00, E8, 01, 00, 00, 00, C3, C3, AA, 71, 6A, 31, 34, 5E, B7, 7C, 12, 75, 7D, 96, 45, 1A, B9, 0E, 56, 2E, 70, 9A, D5, 12, 11, 0F, B2, C8, 7B, 09, 0A, C3, 76, 79, A0, 7F, 8C, FC, A1, EB, E1, 81, 93, BF, 9B, FA, A2, 8B, 72, A6, DE, F3, AD, BB, 53, 7B, D2, 5F, 3D, 18, 85, B6, 35, 6D, 31, 38, A9, DF, 4B, 66, 94, A7, 48, 34, 7E, 3D, 6B, 4E, F3, 6B, 1A, 66, 06, 39, EC, AE, 1F, A7, E8, 37, 82, 1A, 0F, CF, 71, D7, 3A, 94, D7, DA, DD, BD, 85, 0F, 3D, 17, 71, 7F, 20, B4, 29, B4, 48, 04, E2, 22, F4, E1...
Entropy:
7.2415

Code size:
3.4 MB (3,530,752 bytes)

The file regorganizer.exe has been seen being distributed by the following URL.