home

AppRemover.exe

AppRemover

OPSWAT, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from onedrive.live.com and multiple other hosts.
Publisher:
OPSWAT, Inc.  (signed and verified)

Product:
AppRemover

Version:
3.1.34.1

MD5:
45b4819a41db0f6a5094b2977f5d81c4

SHA-1:
15f3f654953ed31cdc4225a1744dc76a6ceed901

SHA-256:
0f4eff918961e89847202b8e31993edbe73817b325dcd9122b25dfff5507b692

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 8:24:41 AM UTC  (today)

File size:
11.5 MB (12,019,984 bytes)

Product version:
3.1.34.1

Copyright:
© OPSWAT, Inc. All rights reserved.

Original file name:
AppRemover.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\appremover.exe

Digital Signature
Signed by:
OPSWAT, Inc.

Authority:
Symantec Corporation

Valid from:
6/2/2015 3:00:00 AM

Valid to:
9/1/2018 2:59:59 AM

Subject:
CN="OPSWAT, Inc.", O="OPSWAT, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1CA9CC01747A11B1EAAF103C8D9A9E6C

File PE Metadata
Compilation timestamp:
7/20/2009 11:15:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:xUHxqjPM/7dMJNc25C1elHopwYsawRcNByxnNqR2ifmoo55Od44FYN1CpMYcbH:KHUEdMJNcelHopwYVccNBsER1moo5kZm

Entry address:
0xA794

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 54, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, E2, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, C1, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 30, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 34, 22, 41, 00, 8D, 45, E4...
 
[+]

Code size:
66 KB (67,584 bytes)

The file AppRemover.exe has been seen being distributed by the following 16 URLs.

https://onedrive.live.com/download.aspx?cid=B85131B7E316A67F&authKey=!APGiJUbxaMVMXCY&resid=B85131B7E316A67F!65966&ithint=.exe

http://www.majorgeeks.com/index.php?ct=files&action=download&PHPSESSID=l2fgfteluhm00plc7854vvpa02

http://www.majorgeeks.com/index.php?ct=files&action=download&

https://dw.uptodown.com/dwn/3sP-0gNuop3rHRzdZbSqXIAihH1FNsLetugUW24eTbCtIrN9qKx88yruKjhjzzAlHX_XLzHyaFf18vtG59c23jfraEv68hlpWTYv9gfYCxy6wQ1SCkfcsxya3arXIlUb/hifymzlItQVln7uBw2fBfl8WopdIOC4IYIqfJ3DLT2gHcJJmc3MKhCK-CuFkQhXGXPZyJoZOks54X46lskdpwcwlS_5ff19zL-jjq7losNGaW6qEdVDH28Sn3t7ARxWM/KO_ZHLvvgISnq-RuZ78S2W5FzRFkd_bRKqWNM_uJqMPmBCNw9ti_xOtZ8CvKyTr-7RtmhSvZ0J-j7g4dTYgVdOOMltENl0uJTIxaNWVI5xTwryRF7iZb1yLhTffoNQY1/.../

https://onedrive.live.com/download.aspx?cid=B85131B7E316A67F&authKey=!APGiJUbxaMVMXCY&resid=B85131B7E316A67F!65966&canary=zjOW2EOrvBFnbo89HgPKG7wh e9g6OeCzuv24UIL5O4=7&ithint=.exe

http://lb.cdn.m6web.fr/d/c/a/11218827884a43f478c858bb84906bcc/57a7cbc8/soft/.../appremover_3-1-34-1_fr_309114.exe

http://lb.cdn.m6web.fr/d/c/a/6a0149e4727b8407edd55f7be87c5f73/577bf7e8/soft/.../appremover_3-1-34-1_fr_309114.exe

http://lb.cdn.m6web.fr/d/c/a/ac3e5a882518d62c972c69105b08e86f/5781cef6/soft/.../appremover_3-1-34-1_fr_309114.exe

http://lb.cdn.m6web.fr/d/c/a/4645de8b0722ef4a70980fb2002f04d4/56680c06/soft/.../appremover_3-1-34-1_fr_309114.exe

http://external.comss.ru/url.php?url=http://dl4.comss.ru/.../AppRemover.exe

http://lb.cdn.m6web.fr/d/c/a/89743a642bac79bfc7ee3dd0e63179b4/571d48d9/soft/.../appremover_3-1-34-1_fr_309114.exe

http://dw.uptodown.com/dwn/81gJe_08MU4BDxRFVUx3juc1RC5wmK6E7ECDkQGhjg98pE6ZLr_L9QMN5YX0B2_spi9s8PnFF4BTbF3UC55mJtxDQKYDySDdkUDiS8qd-NK69hacjJa35QZc2RWZcu2x/p5ii5PYJrG1xvdw8l9ssAEGj6uw8se7fYipU6bdTi_Y67CaSEi9a5DrTH4C6rEzjhbXo-Dg7Fh-zCnherVtda3tyZRoRCI_iYM11z3qoc60XolHTouN0PZ4WIZlVdbp_/.../

http://software.thaiware.com/download_url.php?id=11083

http://www.appremover.com/.../windows

http://www.appremover.com/.../appremover.exe

http://software.opswat.com/.../AppRemover.exe

Scan AppRemover.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.