» desinstallation.exe
Overview
Analysis
File Details
Behaviors (1)

desinstallation.exe

PC SOFT

The executable desinstallation.exe, “Désinstallation du Provider OLE DB pour HyperFileSQL” has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Provider OLE DB pour HyperFileSQL 32 bits.

File name:

desinstallation.exe

Publisher:

PC SOFT (signed and verified)

Description:

Désinstallation du Provider OLE DB pour HyperFileSQL

Version:

15.0.0.9

MD5:

a8c0e1ee984420132a6e52cb646804b5

SHA-1:

5cb63ff998181bdf2c32bcc6ad73f335393205f7

SHA-256:

6a45854484485197fbcf7bcd0d2ca17470ac0ccb2717a04332da8ecbd3dcfc6e

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/25/2024 9:28:55 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.2.8.11

File size:

818.2 KB (837,832 bytes)

File type:

Executable application (Win32 EXE)

Language:

French (France)

Common path:

C:\Program Files\common files\pc soft\15.0\oledb\win32x86\desinstallation.exe

Digital Signature

Signed by:

PC SOFT

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

5/20/2009 4:19:36 PM

Valid to:

7/5/2010 6:51:05 PM

Subject:

CN=PC SOFT, OU=Provided by TBS INTERNET http://www.tbs-certificats.com/, OU=Service Qualité, O=PC SOFT, L=Montpellier, S=Herault, C=FR

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

410DF37D906544F8E0EF15188806FCB4

File PE Metadata

Compilation timestamp:

12/4/2009 12:19:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

12288:7rWRjEhNwLJDGGGqvmX3q824CliLOSxu7fmZQZn389CWekjyDXRIs6Hdv/W:HwjEhNwlDGGRq3+diy4GnP+j+Xms6t/W

Entry address:

0x116CC

Entry point:

55, 8B, EC, 6A, FF, 68, D8, 32, 41, 00, 68, 30, 18, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 84, 31, 41, 00, 59, 83, 0D, 94, A3, 41, 00, FF, 83, 0D, 98, A3, 41, 00, FF, FF, 15, 88, 31, 41, 00, 8B, 0D, AC, 9F, 41, 00, 89, 08, FF, 15, 8C, 31, 41, 00, 8B, 0D, A8, 9F, 41, 00, 89, 08, A1, 90, 31, 41, 00, 8B, 00, A3, 90, A3, 41, 00, E8, 9A, 75, FF, FF, 39, 1D, 50, 90, 41, 00, 75, 0C, 68, 06, 47, 40, 00, FF, 15, 94, 31... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

72 KB (73,728 bytes)

Program Uninstaller

Program name:

Provider OLE DB pour HyperFileSQL 32 bits

Uninstall string:

"C:\Program Files\Common Files\PC SOFT\15.0\OLEDB\Win32x86\Desinstallation.exe" /REG="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLEDB_HFSQL32" /REP="C:\Program Files\Commo

Remove desinstallation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.