PUP.Registry Helper

Threat Scorecard

Popularity Rank: 2,371
Threat Level: 10 % (Normal)
Infected Computers: 3,819
First Seen: June 18, 2015
Last Seen: February 6, 2026
OS(es) Affected: Windows

File System Details

PUP.Registry Helper may create the following file(s):
# File Name MD5 Detections
1. RegistryHelperSetup-EN.exe 11ba5c09f847b6efa14a8ea2dff02a69 296
2. RegistryHelper.exe 0bf694c5f2f99147922e18ade16f8ed7 295

Analysis Report

General information

Family Name: PUP.Registry Helper
Signature status: No Signature

Known Samples

MD5: 0c20d3d9dc8d6d7dbd92b29f7faaf04a
SHA1: 2cb90cc439b0984876624d62c7a51f7cf0392402
SHA256: 2BB9556FFEB48A95A596B28CB7331739C78DD71B2C4CF1D9982AF012429B661A
File Size: 1.13 MB, 1133493 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • English/German/Russian/French/Korean/Dutch/Spanish/Italian/Polish UI
  • [9 interface languages]
Company Name
  • SNC
File Description
  • Registry Trash Keys Finder
  • TrashReg, a special Registry cleaning tool
File Version
  • 3.9.4.0
Internal Name
  • TrashReg
Legal Copyright
  • ©2002-2017 Alexander Asyabrik aka Shura
  • ©2002-2017 Александр Асябрик aka Shura
Original Filename
  • TrashReg.exe
Product Name
  • Registry Trash Keys Finder
Product Version
  • 3.9.4.0

File Traits

  • 2+ executable sections
  • HighEntropy
  • upx
  • vb6
  • x86

Block Information

Total Blocks: 270
Potentially Malicious Blocks: 1
Whitelisted Blocks: 261
Unknown Blocks: 8

Files Modified

File Attributes
c:\users\user\appdata\local\temp\~sfx00000640\backups Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20210917174410].reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20210917174410].reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20210917174411].reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20210917174411].reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20211112175301].reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20211112175301].reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20211127120102].reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20211127120102].reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20230719123502].reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\backups\[20230719123502].reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\disablenewsearches.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\disablenewsearches.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\file_id.diz Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\file_id.diz Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\help Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_deu.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_deu.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_eng.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_eng.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_esp.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_esp.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_rus.chm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\help\rtkf_rus.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\lastsettings.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\lastsettings.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\readme.deu.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\readme.deu.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\readme.eng.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\readme.eng.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\readme.esp.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\readme.esp.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\readme.rus.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\readme.rus.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\rtkf_uninst.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\rtkf_uninst.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\trashreg.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\trashreg.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~sfx00000640\trashregx64.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~sfx00000640\trashregx64.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\app paths\trashregx64.exe:: c:\users\hjxfsxsk\appdata\local\temp\~sfx00000640\trashregx64.exe RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\app paths\trashregx64.exe::path C:\Users\Hjxfsxsk\AppData\Local\Temp\~sfx00000640 RegNtPreCreateKey
HKLM\software\snc\rtkf::install_dir c:\users\hjxfsxsk\appdata\local\temp\~sfx00000640 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecuteEx
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

(NULL) C:\Users\Hjxfsxsk\AppData\Local\Temp\~sfx00000640\TrashRegX64.exe
