PUP.Optional.RegistryReviver malicious file

PUP.Optional.RegistryReviver is the detection name several security vendors apply to the installer of Registry Reviver, a registry-cleaning utility published by ReviverSoft. It is classified as a potentially unwanted program (PUP), not as a virus, which is why the detection names below carry "PUA", "Unwanted" and "potentially unwanted" rather than trojan or worm labels. When it is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can PUP.Optional.RegistryReviver do?

The bullets below are the behavioural signatures an automated sandbox (CAPE, as the storage path under File Info shows) raised when it executed the sample described later on this page. They record what the installer did during that run, not symptoms you will necessarily see on your own PC. The two Authenticode bullets belong together: the file carries a digital signature, but that signature does not verify, so the signer's identity cannot be trusted.

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify PUP.Optional.RegistryReviver?

File Info:

name: 5D9B6777DF1A6FDD71B9.mlw
path: /opt/CAPEv2/storage/binaries/6d51b6f7427d0cd8e8131f9a667ba7f80f309c3bf0c5ded57725833e1af091f5
crc32: DCDA820D
md5: 5d9b6777df1a6fdd71b91f544bd882b1
sha1: 10e5758a5546e20bc941bfe4c85ed5165f71d2a2
sha256: 6d51b6f7427d0cd8e8131f9a667ba7f80f309c3bf0c5ded57725833e1af091f5
sha512: 0515de4d428a377a565958f14fb987538d0bb8400777dde6e0834834000f78f48b348d6c22693dd4e0010006c4b74c747239b4b6bbb945ce50f3f8ae872f608f
ssdeep: 98304:t4AhXWVrc4DtyCRrt9t3+OSukVHpZ0cUTLGrSphyUpj:t4CXArck5wO5TLGrIkUpj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11A1622A05C1248FFD25F4BBE9D5DB87D255F5C7EFED36328096A320A88337201AC9526
sha3_384: 28b22b2445e7fb4a74d14d4b713b5356587022d794669fe1a582231f195209d99906322ac4eee7d0450a02a10eb9a478
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2010-04-10 12:19:31

Version Info:

CompanyName: ReviverSoft LLC
FileDescription: Registry Reviver installer
FileVersion: 4.0.1.18
InternalName: RegistryReviver.exe
LegalCopyright: Copyright © 2011 ReviverSoft LLC. All Rights Reserved.
ProductName: Registry Reviver
ProductVersion: 4.0.1.18
Translation: 0x0409 0x0000

PUP.Optional.RegistryReviver also known as:

Cylance: Unsafe
ESET-NOD32: a variant of Win64/RegistryReviver.B potentially unwanted
Rising: PUA.RegistryReviver!8.E6F (CLOUD)
DrWeb: Program.Unwanted.712
VBA32: BScope.Trojan.Occamy
Malwarebytes: PUP.Optional.RegistryReviver
Ikarus: PUA.RegistryReviver
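
The following Python script is an added example written for this page; it is not code from GridinSoft, ReviverSoft or the CAPE sandbox. It recomputes the digests listed under File Info for a file you supply, compares the SHA-256 with the reported value, and reads the PE header fields the report quotes: whether the image is PE32 or PE32+ (worth checking because ESET's name says Win64 while the type line says PE32), the compile timestamp (the 2010 timestamp predates the 2011 copyright in Version Info; this field is set by the linker and is trivially forgeable), the entry point RVA, and whether an Authenticode blob is attached. The header-only PE32 image it builds for demonstration is constructed, not the sample from the report, and all function names are the example's own.

```python
import datetime
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info section of this page.
REPORTED = {
    "crc32": "DCDA820D",
    "md5": "5d9b6777df1a6fdd71b91f544bd882b1",
    "sha1": "10e5758a5546e20bc941bfe4c85ed5165f71d2a2",
    "sha256": "6d51b6f7427d0cd8e8131f9a667ba7f80f309c3bf0c5ded57725833e1af091f5",
}

MACHINE_NAMES = {0x014C: "i386", 0x8664: "amd64"}


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists so they can be compared side by side."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """Decide on SHA-256 only: CRC32 and MD5 are collision-prone and must not be
    the sole basis for saying a file is the reported sample."""
    return hashlib.sha256(data).hexdigest() == reported["sha256"]


def pe_summary(data: bytes) -> dict:
    """Read bitness, machine, timestamp, entry point RVA and the security directory
    (IMAGE_DIRECTORY_ENTRY_SECURITY) from a PE image. Presence of a certificate blob is
    all that is checked here; verifying the PKCS#7 signature is a separate step."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directories start 96 bytes into a PE32 optional header, 112 bytes into PE32+;
    # NumberOfRvaAndSizes sits in the 4 bytes just before them.
    dir_base = opt + (96 if magic == 0x10B else 112)
    num_dirs = struct.unpack_from("<I", data, dir_base - 4)[0]
    has_cert = False
    if num_dirs > 4:
        # Entry 4's "VirtualAddress" is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 4 * 8)
        has_cert = sec_size > 0 and sec_off + sec_size <= len(data)
    ts = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "bitness": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown"),
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "timestamp": ts.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "has_authenticode": has_cert,
    }


def build_minimal_pe32(timestamp: int, signed: bool = False) -> bytes:
    """Constructed test input (not the sample): a header-only PE32 image, optionally
    with a dummy WIN_CERTIFICATE blob appended where a real Authenticode signature would go."""
    opt_size = 224                      # PE32 optional header with all 16 data directories
    header_len = 64 + 4 + 20 + opt_size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew: PE signature follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 0, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)         # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    cert = b""
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=PKCS_SIGNED_DATA, then a dummy body
        cert = struct.pack("<IHH", 72, 0x0200, 0x0002) + b"\x00" * 64
        struct.pack_into("<II", opt, 96 + 4 * 8, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


def triage(data: bytes) -> dict:
    """Everything a first-pass comparison against this page's File Info needs."""
    summary = pe_summary(data)
    summary["hashes"] = file_hashes(data)
    summary["is_reported_sample"] = matches_report(data)
    return summary


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_minimal_pe32(1270901971, signed=True)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Usage: `python pe_triage.py RegistryReviver.exe` (the file name is hypothetical). `has_authenticode` only confirms that a certificate blob is attached, which matches the "Presents an Authenticode digital signature" bullet; deciding whether it is valid, the "Authenticode signature is invalid" bullet, requires checking the PKCS#7 against the image hash and the certificate chain with a tool such as `osslsigncode verify` or `signtool verify`, which this example does not do.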

How to remove PUP.Optional.RegistryReviver?

PUP.Optional.RegistryReviver removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
