» Splash.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

Splash.exe

Splash

ShieldApps

The application Splash.exe by ShieldApps has been detected as a potentially unwanted program by 8 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This file is typically installed with the program PC Registry Shield by ShieldApps.

File name:

Splash.exe

Publisher:

ShieldApps (signed and verified)

Product:

Splash

Version:

2.3.5.0

MD5:

96c7383c4ede8a771501aa022f54ff6f

SHA-1:

58c404d566807379bcbecc734e6f4df153cda4c7

SHA-256:

eaa79c3844f3690f63c5c362518f69f6942078b709fc27b204f427b9c96c5dba

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:48:49 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-160211

Dr.Web

Program.Unwanted.64

9.0.1.042

IKARUS anti.virus

PUA.MSIL.Rebrand

t3scan.1.9.5.0

Kaspersky

Trojan-FakeAV.Win32.Agent

14.0.0.679

Panda Antivirus

Trj/Chgt.G

16.02.11.06

Qihoo 360 Security

Win32/Trojan.5f3

1.0.0.1015

Reason Heuristics

Win32.Generic

16.2.11.6

Vba32 AntiVirus

TrojanFakeAV.Agent

3.12.26.3

File size:

236 KB (241,624 bytes)

Product version:

2.3.5.0

Original file name:

Splash.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\pc registry shield\splash.exe

Digital Signature

Signed by:

ShieldApps

Authority:

COMODO CA Limited

Valid from:

5/17/2013 5:30:00 AM

Valid to:

5/18/2014 5:29:59 AM

Subject:

CN=ShieldApps, O=ShieldApps, STREET="5042 WILSHIRE BLVD #18607", L=Los Angeles, S=California, PostalCode=90036, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

632B7D136E516FB1DB7B7D0D2831E18B

File PE Metadata

Compilation timestamp:

12/2/2013 4:40:27 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:mslQMxyIWrkiIZlaasqeFMxyIWrkiIZlaas8:fxyIWr6ZlaGyIWr6Zlay

Entry address:

0x228AE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7077

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

130.5 KB (133,632 bytes)

Scheduled Task

Task name:

PCRegistryShield_Popup

Trigger:

Daily (Runs daily at 3:00 PM)

Description:

SplashPopup_PCRegistryShield

The file Splash.exe has been discovered within the following program.

PC Registry Shield by ShieldApps

This is 'registry cleaner' is supposed to optimize a computer by removing invalid registry entries as well as provides some additional utilities.

pcregistryshield.com

49% remove it

Remove Splash.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.