RegistryDefrag.exe

PC Performer

Speed Software Inc

The application RegistryDefrag.exe, “PC Performer Boot Time Registry Optimizer” by Speed Software Inc, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
PerformerSoft, LLC  (signed by Speed Software Inc)

Product:
PC Performer

Description:
PC Performer Boot Time Registry Optimizer

Version:
1.0.0.1

MD5:
822b9a9af9c8b2c4a9dd2ae1c388efb9

SHA-1:
a087d3acbd1ceaced1cff4b69edee2d9be9fae4a

SHA-256:
8005f9a73c621e9281cd1db564d2bbf1fc5274ce4141671b359877e09ba34537

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 8:26:51 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.5.24.3

File size:
21.2 KB (21,752 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
RegistryDefrag.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pc performer\registrydefrag.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/1/2014 1:04:49 AM

Valid to:
2/1/2017 1:04:49 AM

Subject:
CN=Speed Software Inc, O=Speed Software Inc, L=Beaverton, S=Oregon, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
280393C0146B62

File PE Metadata
Compilation timestamp:
7/7/2014 7:44:44 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:UimHmELnMwPnAIaUd4eLR8hbaaeVKiUymTvahid5G43NHO8:U/HbM8nes4lOFX3mTEsG0R

Entry address:
0x2BF4

Entry point:
6A, 08, 68, C8, 44, 00, 01, E8, 60, 14, 00, 00, 83, 65, FC, 00, 8B, 45, 08, 8B, 40, 10, 8D, 48, 38, 51, 83, C0, 40, 50, E8, 24, FF, FF, FF, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, 7D, 14, 00, 00, C2, 04, 00, 6A, 00, 6A, FF, FF, 15, 34, 10, 00, 01, C3, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 51, FF, 75, 08, 8D, 45, F8, 50, FF, 15, 20, 10, 00, 01, 8D, 45, F8, 50, FF, 15, 38, 10, 00, 01, C9, C2, 04, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 51, 6A, FF, 68, F0, D8, FF, FF, 6A, 00, FF, 75...
 

Entropy:
5.9352

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
14.5 KB (14,848 bytes)
