SHA256: a2dff11954e9f8d1a41332f3347bd4834f905712d28ce9e4e9ac7f50b3dd18ec
File name: Wise Registry Cleaner
Detection ratio: 0 / 55
Analysis date: 2015-04-25 10:04:07 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20150430
AegisLab 20150430
Yandex 20150428
AhnLab-V3 20150429
Alibaba 20150430
ALYac 20150430
Antiy-AVL 20150430
Avast 20150430
AVG 20150430
AVware 20150430
Baidu-International 20150430
BitDefender 20150430
Bkav 20150425
ByteHero 20150430
CAT-QuickHeal 20150430
ClamAV 20150430
CMC 20150423
Comodo 20150430
Cyren 20150430
DrWeb 20150430
Emsisoft 20150430
ESET-NOD32 20150430
F-Prot 20150430
F-Secure 20150430
Fortinet 20150430
GData 20150430
Ikarus 20150430
Jiangmin 20150429
K7AntiVirus 20150430
K7GW 20150430
Kaspersky 20150430
Kingsoft 20150430
McAfee 20150430
McAfee-GW-Edition 20150430
Microsoft 20150430
eScan 20150430
NANO-Antivirus 20150430
Norman 20150429
nProtect 20150429
Panda 20150429
Qihoo-360 20150430
Rising 20150429
Sophos AV 20150430
SUPERAntiSpyware 20150430
Symantec 20150430
Tencent 20150430
TheHacker 20150429
TotalDefense 20150429
TrendMicro 20150430
TrendMicro-HouseCall 20150430
VBA32 20150429
VIPRE 20150430
ViRobot 20150430
Zillya 20150429
Zoner 20150429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright wisecleaner.com
Publisher ZhiQing Soft Ltd.
Product Wise Registry Cleaner Professional
Original name wiseregistrycleaner.exe
Internal name Wise Registry Cleaner
File version 6.1.4.383
Description Fix Windows Registry errors
Signature verification Certificate out of its validity period
Signers
[+] ZhiQing Soft Ltd.
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 7/26/2010
Valid to 12:59 AM 7/26/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint C77326BEAEC048B9DAFF454210E3DCF5B4C896AD
Serial number 00 90 C2 D8 27 29 70 01 F9 11 78 60 1B 21 64 10 7F
[+] WoSign Code Signing Authority
Status Valid
Issuer None
Valid from 1:00 AM 4/25/2007
Valid to 7:40 PM 7/9/2019
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22, Client Auth
Algorithm SHA1
Thumbprint EA36152981E296F9763E1DC74B3262D3928563F8
Serial number 42 CE 8A 30 D3 56 02 F8 41 18 6C 6E 20 53 19 04
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-16 07:52:05
Entry Point 0x00390A70
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RasEnumConnectionsW
RegSaveKeyW
ImageList_Add
GetSaveFileNameW
SaveDC
GetAdaptersInfo
WNetGetConnectionW
AlphaBlend
OleDraw
LresultFromObject
VariantCopy
SHGetMalloc
PathFileExistsW
VerQueryValueW
timeGetTime
Number of PE resources by type
RT_BITMAP 105
RT_STRING 25
RT_RCDATA 21
RT_GROUP_CURSOR 20
RT_CURSOR 20
RT_ICON 8
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 136
ENGLISH US 37
GERMAN 12
CHINESE SIMPLIFIED 11
RUSSIAN 8
PE resources
ExifTool file metadata
LegalTrademarks wisecleaner.com
SubsystemVersion 5.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.4.383
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Fix Windows Registry errors
CharacterSet Windows, Latin1
InitializedDataSize 57344
FileOS Win32
EntryPoint 0x390a70
MIMEType application/octet-stream
LegalCopyright wisecleaner.com
FileVersion 6.1.4.383
TimeStamp 2011:08:16 08:52:05+01:00
FileType Win32 EXE
PEType PE32
InternalName Wise Registry Cleaner
ProductVersion 6.1
UninitializedDataSize 2502656
OSVersion 5.0
OriginalFilename wiseregistrycleaner.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName WiseCleaner.com
CodeSize 1236992
ProductName Wise Registry Cleaner Professional
ProductVersionNumber 6.1.4.383
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 fda8dd13a59fae8f9c7c2ba0061ebec5
SHA1 24427fcbd73720e0894825c15dc41cc847c708d8
SHA256 a2dff11954e9f8d1a41332f3347bd4834f905712d28ce9e4e9ac7f50b3dd18ec
ssdeep 24576:T5DWKXPrtWITa1565Tvqno06bQq46QPXNg6Uccv2HuXsu24f3BMP:tpEIT0+Qd6bQv6Q/N3Ucc+Oc4ZMP
authentihash f15befec9d49c2b9a0eea25085f34a8f32602680773a13b54a216d9be04b8bc4
imphash 5a7f16314738d8e862980676210b0bba
File size 1.2 MB ( 1296416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe signed upx
VirusTotal metadata
First submission 2011-08-17 17:01:57 UTC ( 7 years ago )
Last submission 2013-08-27 19:21:25 UTC ( 4 years, 11 months ago )
File names wiseregistrycleaner.exe
smona131378379591948807474
WiseRegCleaner.exe
Wise Registry Cleaner
smona131438558998111221231
file-2685853_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
