regpairsetup.exe

RegSofts Software

The executable regpairsetup.exe, “Free Window Registry Repair”, has been detected as malware by 7 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.regsofts.com.
Publisher:
RegSofts Software

Description:
Free Window Registry Repair

Version:
3.6

MD5:
5b448de3e2bf36dd3d17bfa33b43b7a7

SHA-1:
0c644cc4461676dd2896311e444a18f092651896

SHA-256:
5f82cde759f590a948e89a76025c87d579e1c1f8ab4b655557462dfcaab9bb7c

Scanner detections:
7 / 68

Status:
File is infected by a virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/4/2024 5:20:11 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160518-2
AVG | Win32/Sality | 2015.0.4604
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.225.1693.0
Norman | Win32.Sality.3 | 28.05.2016 15:32:18

File size:
863 KB (883,665 bytes)

Copyright:
RegSofts Software

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\regpairsetup.exe

File PE Metadata
Compilation timestamp:
4/25/2000 11:37:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:SQiVEtuyS/j8sOOvI0otd0MbeeCmwdX4kntprXur6YJH9vO+vt/fv:DF1qIOALi4e33oUtNXur97HF/fv

Entry address:
0x21AF

Entry point:
60, 38, C9, 0F, B7, D5, 89, F1, 81, F8, 4E, E4, CB, 65, 69, F9, 07, 81, 44, 42, 77, 07, 04, 9A, 87, D1, F6, C3, 56, 29, F0, 8B, F1, 85, D1, EB, 08, 86, D1, 8D, 0D, 5A, 4C, 55, CD, E8, 0D, 00, 00, 00, C6, C3, B7, 88, EC, 28, E6, 0F, BE, F8, F2, 3B, CE, 59, FF, CA, 81, FD, 60, AB, 00, 00, 76, 03, 43, 8A, C4, 05, A1, 67, 9C, 2A, 87, D7, 0F, BE, C4, C7, C6, 2B, 8A, 86, BB, 0F, BF, F7, FE, C4, B2, F1, 81, FD, BE, 18, 00, 00, F2, 32, FA, 10, EB, 51, 8D, 2D, 16, 2D, C0, 1C, B4, 63, 0F, AF, D6, F2, 81, D8, F1, 36...
 

Code size:
8.5 KB (8,704 bytes)

The file regpairsetup.exe has been seen being distributed by the following URL.
