Update.exe

Update

ALIKET SOFTWARE CO., LTD.

The application Update.exe, “Registry Winner Updater” by ALIKET SOFTWARE CO. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ResitryWinner.com  (signed by ALIKET SOFTWARE CO., LTD.)

Product:
Update

Description:
Registry Winner Updater

Version:
1, 3, 7, 24

MD5:
912f462d2035bba0fa1ec6bc9403ecdd

SHA-1:
22ca25bcf81f47176609e2bb8b62f914dfb2251f

SHA-256:
b0e975e2f99da548aa6b077c971d5f1bbd8339c19573979728944695762493fd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 7:55:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.ALIKETSO

Engine version:
16.12.8.21

File size:
3.4 MB (3,606,288 bytes)

Product version:
1, 3, 7, 24

Copyright:
Copyright (C) 2012-2020 www.RegistryWinner.com.All rights reserved.

Original file name:
Update.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\registry winner\update.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/23/2010 8:00:00 AM

Valid to:
11/27/2012 7:59:59 AM

Subject:
CN="ALIKET SOFTWARE CO., LTD.", OU=Secure Application Development, O="ALIKET SOFTWARE CO., LTD.", L=BEIJING, S=BEIJING, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
290E9CC99535D9DE6F80E9A454C75D64

File PE Metadata
Compilation timestamp:
7/25/2012 1:23:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:TgibN7P0myuccJ9lSnixYQElpWzbZPbZS3Q3nW7qW7L+65ncyh/XE4H0j87D+65g:MgynulSoYQ8WzlPlSA3zKa4P9jEr

Entry address:
0x38D60

Entry point:
E8, 53, 76, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, C0, B7, 46, 00, 75, 02, F3, C3, E9, D5, 76, 00, 00, 8B, FF, 51, C7, 01, 24, 8B, 45, 00, E8, CD, 77, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 98, 00, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 11, 78, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, D2, 3A, 00, 00, 53...
Entropy:
6.4992

Code size:
331 KB (338,944 bytes)
