» ext_piccshare_uninst.exe
Overview
Analysis
File Details
Behaviors (1)

ext_piccshare_uninst.exe

HTTO GROUP Ltd

The application ext_piccshare_uninst.exe by HTTO GROUP has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program PiccShare by HTTO Group Ltd.

File name:

Publisher:

HTTO GROUP Ltd (signed and verified)

MD5:

b31b3f3d4cdab074aefab06d9487f27d

SHA-1:

cd540ac2b3b6d6844079a175fd2ac49368cf3f3c

SHA-256:

3311c3182918bbe4d70661dddf045ae76ea9ea059970e5810be4fb2d3904ad23

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/25/2024 1:08:47 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.2975

Bkav FE

W32.HfsAdware

1.3.0.6979

ESET NOD32

Win32/Adware.Snoozer (variant)

9.11993

Malwarebytes

PUP.Optional.HTTOGROUP.A

v2015.09.25.08

Reason Heuristics

PUP.HTTOGROUP.Installer (M)

15.9.25.20

File size:

43.1 KB (44,144 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\ext_piccshare_uninst.exe

Digital Signature

Signed by:

HTTO GROUP Ltd

Authority:

GlobalSign nv-sa

Valid from:

6/7/2012 8:34:46 AM

Valid to:

6/8/2013 8:34:46 AM

Subject:

CN=HTTO GROUP Ltd, O=HTTO GROUP Ltd, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11215406F83784DB7388225378818F7FF3A2

File PE Metadata

Compilation timestamp:

12/5/2009 7:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:0HJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJYt1Qmv/ZL/gC0e6Rt:0pgpHzb9dZVX9fHMvG0D3XJYt1QmvBcf

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Program Uninstaller

Program name:

PiccShare

Display publisher:

HTTO Group Ltd

Display version:

2.0

Uninstall string:

C:\users\{user}\appdata\local\ext_piccshare_uninst.exe

Remove ext_piccshare_uninst.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.