SHA256: 03d6fc3a17a078665adc95b2812350f6e1c647524f464b01c88d92b5af8c383e
File name: RegTechy.exe
Detection ratio: 2 / 54
Analysis date: 2015-12-02 08:19:28 UTC ( 1 year, 8 months ago )
Antivirus Result Update (a blank Result column means the engine returned no detection)
Bkav W32.HfsAtITA.DC0A 20151201
Cyren W32/GenBl.48078BAF!Olympus 20151202 (a generic block-list entry keyed on the first eight hex digits of the file's MD5, 48078baf, rather than a family signature)
Ad-Aware 20151130
AegisLab 20151202
Yandex 20151201
AhnLab-V3 20151201
Alibaba 20151202
ALYac 20151202
Antiy-AVL 20151202
Arcabit 20151202
Avast 20151202
AVG 20151130
AVware 20151202
Baidu-International 20151201
BitDefender 20151202
ByteHero 20151202
CAT-QuickHeal 20151202
ClamAV 20151202
CMC 20151201
Comodo 20151202
DrWeb 20151202
Emsisoft 20151202
ESET-NOD32 20151202
F-Prot 20151202
F-Secure 20151202
Fortinet 20151202
GData 20151202
Ikarus 20151201
Jiangmin 20151201
K7AntiVirus 20151202
K7GW 20151202
Kaspersky 20151202
Malwarebytes 20151202
McAfee 20151202
McAfee-GW-Edition 20151202
Microsoft 20151202
eScan 20151202
NANO-Antivirus 20151202
nProtect 20151201
Panda 20151201
Qihoo-360 20151202
Rising 20151129
Sophos AV 20151202
SUPERAntiSpyware 20151202
Symantec 20151201
Tencent 20151202
TheHacker 20151127
TrendMicro 20151202
TrendMicro-HouseCall 20151202
VBA32 20151201
VIPRE 20151202
ViRobot 20151202
Zillya 20151201
Zoner 20151202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright MetalloSoft©
File version 1.0.0.0
Description RegTechy Registry Tool
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-16 07:47:33
Entry Point 0x000B8B90
Number of sections 3
PE sections
Overlays
MD5 0d1e4a81ae374d6de04f6101f6d3d092
File type data
Offset 302080
Size 356759
Entropy 8.00
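The overlay numbers above are internally consistent: offset 302080 plus size 356759 is 658839 bytes, the file size reported under File identification, so the overlay runs to the end of the file. An entropy of 8.00 bits per byte is the maximum possible for byte data, which is what compressed or encrypted content looks like, and fits the UPX packing F-PROT and TrID report. The Python below is an added example, not code from VirusTotal or from the RegTechy author, showing how the overlay offset, size and entropy and the UPX section-name check are derived from a PE32 header. It runs on a small PE-like blob constructed inside the block; the section layout, the timestamp and the 7.5 bits/byte "looks packed" threshold are assumptions chosen for illustration.

```python
import math
import struct
from datetime import datetime, timezone

# Assumed triage threshold: 8.0 is the ceiling for byte data, plain x86 code
# and text usually sit well below 7 bits/byte.
PACKED_ENTROPY = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Minimal PE32 header walk: machine, timestamp, section table, overlay bounds."""
    if blob[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    sect_tbl = coff + 20 + opt_size
    sections = []
    for i in range(nsect):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", blob, sect_tbl + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    # The overlay is everything past the end of the last section's raw data.
    end_of_sections = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    overlay = blob[end_of_sections:]
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def triage(blob: bytes) -> dict:
    """Packer and overlay indicators of the kind the report lists."""
    info = parse_pe(blob)
    info["upx_section_names"] = any(s["name"].startswith("UPX") for s in info["sections"])
    info["overlay_looks_packed"] = (info["overlay_size"] > 0
                                   and info["overlay_entropy"] >= PACKED_ENTROPY)
    return info


def build_sample() -> bytes:
    """Constructed stand-in, not the RegTechy binary: a three-section UPX-style
    layout with only the header fields this parser reads, plus a maximum-entropy overlay."""
    ts = int(datetime(2010, 4, 16, 7, 47, 33, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x80
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sects = [
        (b"UPX0", 0x76000, 0x1000, 0, 0),          # UPX0 normally has no raw data on disk
        (b"UPX1", 0x1000, 0x77000, 0x200, 0x400),
        (b".rsrc", 0x1000, 0x78000, 0x200, 0x600),
    ]
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # COFF header: Machine 0x14c (i386), NumberOfSections, TimeDateStamp,
    # symbol fields unused, SizeOfOptionalHeader 0, Characteristics
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, len(sects), ts, 0, 0, 0, 0x102)
    tbl = e_lfanew + 4 + 20
    for i, (name, vsize, vaddr, rsize, rptr) in enumerate(sects):
        struct.pack_into("<8sIIIIIIHHI", hdr, tbl + i * 40, name.ljust(8, b"\0"),
                         vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0)
    body = b"\x90" * 0x200 + b"\x00" * 0x200        # raw data for UPX1 and .rsrc
    overlay = bytes(range(256)) * 4                    # every byte value equally often: 8.0 bits/byte
    return bytes(hdr) + body + overlay
```

For a real file, feed `open(path, "rb").read()` to `triage()` instead of `build_sample()`; pefile's `get_overlay_data_start_offset()` performs the same end-of-sections computation. Treat the 7.5 cutoff as a triage hint only, since legitimately compressed resources reach it too.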
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
SafeArrayUnaccessData
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_ICON 11
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 24
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
UninitializedDataSize 483328
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0xb8b90
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2010:04:16 08:47:33+01:00
FileType Win32 EXE
PEType PE32
FileDescription RegTechy Registry Tool
OSVersion 5.0
FileOS Win32
LegalCopyright MetalloSoft
MachineType Intel 386 or later, and compatibles
CodeSize 270336
FileSubtype 0
ProductVersionNumber 3.3.6.1
FileTypeExtension exe
ObjectFileType Unknown

Compressed bundles
File identification
MD5 48078baf3ee3122466a5da3871e530f8
SHA1 51292ff57bd1f02aa947005b1ebe9260046b01bb
SHA256 03d6fc3a17a078665adc95b2812350f6e1c647524f464b01c88d92b5af8c383e
ssdeep 12288:/jkArEN249AyE/rbaMct4bO2/VJdwlB+oYWQrYAFj1hdem5d7Pm7CMOgrG:sFE//Tct4bOs6looMrYAx1hdz7Pbtgi
authentihash 35855744465d1ece1a84c806a41b17627dc7cddfa5aa710cf1f6f678917aacb5
imphash 77b2e5e9b52fbef7638f64ab65f0c58c
File size 643.4 KB ( 658839 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay
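The imphash listed under File identification is an MD5 over the normalized import list, so it is only comparable between files whose import tables are laid out the same way. The Python below is an added example of those normalization rules (module names lowercased with .dll, .ocx and .sys stripped, function names lowercased, ordinals rendered as ordN, entries comma-joined in import-table order); it is not VirusTotal's or pefile's code. The import table in the block is constructed: the report lists function names without their modules, so the kernel32 attribution is an assumption, and the hash it produces is not the sample's reported value.

```python
import hashlib

# Module extensions the import-hash algorithm removes before hashing.
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_import(module: str, func) -> str:
    """'KERNEL32.DLL', 'VirtualAlloc' -> 'kernel32.virtualalloc'; ordinal 12 -> 'ws2_32.ord12'."""
    mod = module.lower()
    for ext in STRIPPED_EXTENSIONS:
        if mod.endswith(ext):
            mod = mod[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{mod}.{name}"


def imphash(imports) -> str:
    """MD5 of the comma-joined normalized entries, in import-table order.

    Order matters: the same imports in a different order give a different hash,
    which is why the hash survives recompilation of the same source with the
    same toolchain but not a rewrite of the import table."""
    joined = ",".join(normalize_import(mod, func) for mod, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed import table (assumed modules). These six kernel32 functions are the
# ones a UPX loader stub needs and they all appear in the report's import list.
SAMPLE_IMPORTS = [
    ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "GetProcAddress"),
    ("KERNEL32.DLL", "VirtualProtect"),
    ("KERNEL32.DLL", "VirtualAlloc"),
    ("KERNEL32.DLL", "VirtualFree"),
    ("KERNEL32.DLL", "ExitProcess"),
]


def sample_imphash() -> str:
    return imphash(SAMPLE_IMPORTS)
```

Because a UPX-packed file's import table is mostly the packer's loader stub, its imphash largely fingerprints UPX rather than the original program; cluster on it only against other files packed the same way, or unpack first and hash the restored import table.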

VirusTotal metadata
First submission 2013-12-08 22:38:15 UTC ( 3 years, 8 months ago )
Last submission 2016-10-19 03:15:14 UTC ( 10 months ago )
File names 03D6FC3A17A078665ADC95B2812350F6E1C647524F464B01C88D92B5AF8C383E.dat
RegTechy.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1019.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.