» desinstallation.exe
Overview
Analysis
File Details
Behaviors (1)

desinstallation.exe

PC SOFT INFORMATIQUE

The executable desinstallation.exe, “Désinstallation du Provider OLE DB pour HyperFileSQL” has been detected as malware by 4 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Provider OLE DB pour HyperFileSQL 32 bits.

File name:

desinstallation.exe

Publisher:

PC SOFT (signed by PC SOFT INFORMATIQUE)

Description:

Désinstallation du Provider OLE DB pour HyperFileSQL

Version:

15.0.0.9

MD5:

c45f930a4e9f2063376d8babd72a88aa

SHA-1:

60930f334d97ec543bae7d7f6ad97176ac68b87a

SHA-256:

d4e3181fc2a08e69468b29cb87ccfc54e4fac1ac280342830b7ab9744ff7294a

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

4/19/2024 11:52:37 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Bkav FE

HW32.Laneul

1.3.0.4959

Qihoo 360 Security

Malware.QVM07.Gen

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.10.9.17

Vba32 AntiVirus

TrojanDownloader.Agent.fjzm

3.12.16.0

File size:

818.1 KB (837,752 bytes)

File type:

Executable application (Win32 EXE)

Language:

French (France)

Common path:

C:\Program Files\common files\pc soft\15.0\oledb\desinstallation.exe

Digital Signature

Signed by:

PC SOFT INFORMATIQUE

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

7/1/2010 2:00:00 AM

Valid to:

7/6/2011 1:59:59 AM

Subject:

CN=PC SOFT INFORMATIQUE, OU=Qualite, O=PC SOFT INFORMATIQUE, L=MONTPELLIER, S=Herault, C=FR

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

754DA4AE831E4D4446FA116C0A2BCD22

File PE Metadata

Compilation timestamp:

12/4/2009 12:19:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

12288:VrWRjEhNwLJDGGGqvmX3q824CliLOSxu7fmZQZn389CWekjyDXRIs6Hdv/Q:RwjEhNwlDGGRq3+diy4GnP+j+Xms6t/Q

Entry address:

0x116CC

Entry point:

55, 8B, EC, 6A, FF, 68, D8, 32, 41, 00, 68, 30, 18, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 84, 31, 41, 00, 59, 83, 0D, 94, A3, 41, 00, FF, 83, 0D, 98, A3, 41, 00, FF, FF, 15, 88, 31, 41, 00, 8B, 0D, AC, 9F, 41, 00, 89, 08, FF, 15, 8C, 31, 41, 00, 8B, 0D, A8, 9F, 41, 00, 89, 08, A1, 90, 31, 41, 00, 8B, 00, A3, 90, A3, 41, 00, E8, 9A, 75, FF, FF, 39, 1D, 50, 90, 41, 00, 75, 0C, 68, 06, 47, 40, 00, FF, 15, 94, 31... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

72 KB (73,728 bytes)

Program Uninstaller

Program name:

Provider OLE DB pour HyperFileSQL 32 bits

Uninstall string:

"C:\Program Files\Common Files\PC SOFT\15.0\OLEDB\Desinstallation.exe" /REG="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLEDB_HFSQL32" /REP="C:\Program Files\Common Files\P

Remove desinstallation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.