» Update.EXE
Overview
Analysis
File Details
Programs (1)

Update.EXE

IncUpdate

CleanMyPC Technology Limited

The application Update.EXE by CleanMyPC Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Registry Repair Wizard by SmartPCTools.

File name:

Update.EXE

Publisher:

Sunisoft (signed by CleanMyPC Technology Limited)

Product:

IncUpdate

Description:

Online Updater

Version:

2007.7.30.252

MD5:

5d9fc09fcb183d9b1bdda6dd71c9d004

SHA-1:

9e95493f46e715f9ea8b7f047a130887a9733550

SHA-256:

9f0cf615710e3ca7798516173af55de529ce10ce01a806846a9e8c22f7662bcf

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 7:43:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.CleanMyPCTechnology

15.2.17.9

File size:

648.7 KB (664,304 bytes)

Product version:

2.9

Original file name:

Update.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\smartpctools\registry repair wizard\update.exe

Digital Signature

Signed by:

CleanMyPC Technology Limited

Authority:

COMODO CA Limited

Valid from:

3/28/2012 7:00:00 PM

Valid to:

3/29/2017 6:59:59 PM

Subject:

CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET="ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING", STREET=14 HING YIP STREET, STREET="KWUN TONG, KOWLOON", L=HONG KONG, S=NA, PostalCode=NA, C=HK

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B22D5ED33A336918E76BE3A5C6CB25F1

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:FQ/b1QYb9Ify+sRp66qHbJrEenumvJq+NOek92eMlTsWKKn:i/Fb9MME6q7inuOLMlTDR

Entry address:

0x1CA001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, A0, 1C, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72... 
[+]

Entropy:

7.9634

Packer / compiler:

ASPack v2.12

Code size:

1.3 MB (1,368,576 bytes)

The file Update.EXE has been discovered within the following program.

Registry Repair Wizard by SmartPCTools

SmartPCTools Registry Repair Wizard is registry utility whose purported purpose is to remove redundant items from the Windows registry.

www.registryrepair.net

51% remove it

Remove Update.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.