roboot64.exe

UTILILAB RegistryCLEANER

Utililab GmbH

The application roboot64.exe by Utililab GmbH has been detected as a potentially unwanted program by 2 anti-malware scanners.
Publisher:
UTILILAB  (signed by Utililab GmbH)

Product:
UTILILAB RegistryCLEANER

Version:
1.0.0.0

MD5:
28ff59b0b25dea8cbccbd1e04c79c251

SHA-1:
ecc76b73dbc0f7a17b57165f472db1b479a47795

SHA-256:
113bbb3a5e4b11453745e5c18b3309313a6808664d91be693132c2b926081a6b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 4:26:15 AM UTC  (today)

Scan engine | Detection | Engine version
ESET NOD32 | Win64/Systweak (variant) | 9.10891
Reason Heuristics | PUP.Utililab.SystemOptimizer.Optional.Meta (L) | 16.2.5.16

File size:
18 KB (18,384 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2011 UTILILAB Gmbh

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\roboot64.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
1/31/2011 1:00:00 AM

Valid to:
1/31/2014 12:59:59 AM

Subject:
CN=Utililab GmbH, O=Utililab GmbH, STREET=Schumannstraße 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00B233BC32FCEFAC7A7B4F96557686C278

File PE Metadata
Compilation timestamp:
1/8/2011 8:13:08 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
192:uAZCARMdDKWY/9g9KPR/O/jyRcwAiuO24z3MdfeGroUe+tdJ60335/wJirNmL/qy:TSS9b07Nw8OLjMNeG17t3mirILECxA+

Entry address:
0x2334

Entry point:
48, 89, 5C, 24, 08, 48, 89, 6C, 24, 20, 57, 48, 83, EC, 70, 48, 8D, 0D, 96, F1, FF, FF, E8, 89, F4, FF, FF, E8, CC, 02, 00, 00, BB, 30, 00, 00, 00, 48, 8D, 4C, 24, 40, 4C, 8B, C3, 33, D2, C6, 84, 24, 88, 00, 00, 00, 00, E8, 64, 0B, 00, 00, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 83, 64, 24, 20, 00, 8D, 4B, D2, 33, D2, 41, B9, 00, 10, 00, 00, 41, B8, 00, 00, 10, 00, 89, 5C, 24, 40, E8, 32, 0A, 00, 00, 48, 85, C0, 48, 89, 05, EC, 22, 00, 00, 75, 11, 48, 8D, 0D, FB, ED, FF, FF, E8, 26, F4, FF, FF, E9, E4...
 

Code size:
9 KB (9,216 bytes)
