» regservo_2.0.5.0.exe
Overview
Analysis
File Details
Downloads (1)

regservo_2.0.5.0.exe

REGSERVO

TuneUp System Software Pvt Ltd.

The executable regservo_2.0.5.0.exe, “REGSERVO Setup ” has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.error-toolkit.com.

File name:

Publisher:

TuneUp System Software Pvt Ltd.

Product:

REGSERVO

Description:

REGSERVO Setup

Version:

2.1.0.5

MD5:

e718e1fef4471813016e769b0e6e5464

SHA-1:

0488c10691865f25c6d8b12d2123b5e3e9778c48

SHA-256:

17c96992d86d845db12175c8050c0d379f72c34e05f082cccf217403ff331c1d

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

1/23/2019 11:14:05 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160215-2

AVG

Win32/Sality

2015.0.4530

Dr.Web

Win32.Sector.30

9.0.1.05190

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.213.6304.0

Norman

Win32.Sality.3

15.02.2016 12:34:50

Sophos

Virus 'Mal/Sality-D'

5.23

VIPRE Antivirus

Threat.4721115

47240

File size:

2.4 MB (2,466,896 bytes)

Product version:

2.1.0.5

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\regservo_2.0.5.0.exe

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:P9ZXjbzL/pXrJmSeOZWsQTSPVPWG3MnK/FVm8d9fyNmW5n:1ZzHLNJmSeOZW1gvEKK8d1P

Entry address:

0xA5F8

Entry point:

60, 8B, D2, 38, EB, C6, C4, 47, 80, C1, 33, F3, 3D, 8F, D7, 4D, 5D, 8A, D7, 8B, F7, 81, EF, A4, CB, 00, 00, 0F, AF, DD, 81, EF, 45, 09, 00, 00, BD, CC, 0B, DE, C1, EB, 06, C7, C5, 0F, 6D, 3B, 94, 03, C2, C7, C3, 59, D5, DA, 81, F7, C0, 06, 7E, E7, 7A, F7, C6, DD, 18, 17, 7A, E8, 22, 00, 00, 00, 8D, 0D, 55, D6, 21, EB, 81, D5, 73, B9, 68, 4D, 80, EA, 27, FE, C6, 69, C6, C2, 15, C2, 19, 8B, C0, 0F, BE, F5, 81, FF, 7B, 2E, 00, 00, 13, EE, 87, EB, 45, BA, 59, F0, 5C, 2B, F6, C5, 7F, 88, F8, 05, CA, D7, 4B, 51... 
[+]

Entropy:

7.9943 (probably packed)

Code size:

39.5 KB (40,448 bytes)

The file regservo_2.0.5.0.exe has been seen being distributed by the following URL.

http://www.error-toolkit.com/download.php

Remove regservo_2.0.5.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.