» RegRSPAddin.exe
Overview
Analysis
File Details
Behaviors (1)

RegRSPAddin.exe

Risk Solver Platform

Frontline Systems, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RiskSolverEnable’.

File name:

RegRSPAddin.exe

Publisher:

Frontline Systems, Inc. (signed and verified)

Product:

Risk Solver Platform

Version:

11.0.5.0

MD5:

468c4b697e26b6ed6252e31ecf2acf2d

SHA-1:

19c37754910a6e81c5ffab87c5084d32aba1c53e

SHA-256:

1aa1ea1b2cb4ecc932bc54a2139e9c48ffc5ea384923972768af5590dee94f44

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 11:39:36 AM UTC (today)

File size:

1.6 MB (1,688,680 bytes)

Product version:

11.0.5.0

Original file name:

RegRSPAddin.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\frontline systems\analytic solver platform\bin\regrspaddin.exe

Digital Signature

Signed by:

Frontline Systems, Inc.

Authority:

COMODO CA Limited

Valid from:

6/10/2013 8:00:00 PM

Valid to:

6/11/2018 7:59:59 PM

Subject:

CN="Frontline Systems, Inc.", O="Frontline Systems, Inc.", POBox=P.O. Box 4288, STREET=913 Tahoe Blvd Suite 7, L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

327CF16AAAE5FCE9BD55AC229F9758B9

File PE Metadata

Compilation timestamp:

6/20/2011 6:11:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:Bg7vllU01opEz7eZtJVMz7CZSqVeZPDi6/rhiIvtXLS:es01ZWZtJVMz7cSgeFDzrhNt2

Entry address:

0x100826

Entry point:

E8, B5, 6F, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 38, 39, 57, 00, 75, 02, F3, C3, E9, 37, 70, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, C8, BF, 57, 00, E8, 90, 69, 00, 00, FF, 35, C4, BF, 57, 00, 8B, F8, 89, 7D, FC, E8, 80, 69, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 82, 83, 00, 00, 00, 8B, DE, 2B, DF, 8D, 43, 04, 83, F8, 04, 72, 77, 57, E8, D7, 34, 00, 00, 8B, F8, 8D, 43, 04, 59, 3B, F8, 73, 48, B8, 00, 08, 00, 00, 3B, F8, 73, 02, 8B, C7, 03, C7, 3B, C7, 72, 0F, 50, FF, 75, FC, E8, 68, 71, 00, 00, 59... 
[+]

Entropy:

6.4678

Code size:

1.2 MB (1,209,856 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RiskSolverEnable

Command:

"C:\Program Files\frontline systems\analytic solver platform\bin\regrspaddin.exe" \r \s

Scan RegRSPAddin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.