» iobituninstaller_beta.exe
Overview
Analysis
File Details
Downloads (5)

iobituninstaller_beta.exe

IObit Uninstaller

IObit Information Technology

This is a self-extracting archive and installer. The file has been seen being downloaded from www.majorgeeks.com and multiple other hosts.

File name:

Publisher:

IObit (signed by IObit Information Technology)

Product:

IObit Uninstaller

Version:

5.0.0.49

MD5:

56c172da225414b8002d08cf3cc3042f

SHA-1:

2dbbebffacbb4b2f17f56016ef8bc0e0d800825d

SHA-256:

78b14656f0a353a55e5ea6177582935c1b2196e4b4483c243330b6a2161d3ea4

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/23/2024 2:34:51 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Program.Unwanted.276

9.0.1.0176

G Data

Win32.Adware.iObit

15.6.25

Rising Antivirus

PE:Trojan.Win32.FakeAV.bsj!1075358218

23.00.65.15623

File size:

9.4 MB (9,894,176 bytes)

Product version:

5.0.0.0

Trademarks:

IObit

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

IObit Information Technology

Authority:

VeriSign, Inc.

Valid from:

1/15/2013 1:00:00 AM

Valid to:

2/15/2016 12:59:59 AM

Subject:

CN=IObit Information Technology, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IObit Information Technology, L=Chengdu, S=Sichuan, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

11CADAF29DA4C3CB113BF1877B120103

File PE Metadata

Compilation timestamp:

6/25/2015 10:28:43 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:SDHPUzdPs2kKYUke8WYDmG5ix8W109NXMvOFKK4TzrHfabdR3iL0LaOl:S7+ds2sUp/Y6G5iWW109SOv43bfaXiL0

Entry address:

0xECE34

Entry point:

55, 8B, EC, 83, C4, F0, B8, C0, B4, 4E, 00, E8, 9C, BE, F1, FF, 33, C0, 55, 68, BF, CE, 4E, 00, 64, FF, 30, 64, 89, 20, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 68, D8, CE, 4E, 00, 33, C9, BA, 08, CF, 4E, 00, B8, 7C, CF, 4E, 00, E8, 74, C2, FD, FF, A1, B4, 5D, 4F, 00, 8B, 00, E8, 8C, 6F, FB, FF, A1, B4, 5D, 4F, 00, 8B, 00, BA, D8, CE, 4E, 00, E8, 0B, 6A, FB, FF, 8B, 0D, DC, 5B, 4F, 00, A1, B4, 5D, 4F, 00, 8B, 00, 8B, 15, 80, 9C, 4E, 00, E8, 7B, 6F, FB, FF, A1, B4, 5D, 4F, 00, 8B, 00, E8, BF, 70, FB, FF, 33, C0, 5A... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

942.5 KB (965,120 bytes)

The file iobituninstaller_beta.exe has been seen being distributed by the following 5 URLs.

http://www.majorgeeks.com/index.php?ct=files&action=download&PHPSESSID=tdki1qnd78k25dplrfv44m8se0

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://external.comss.ru/url.php?url=http://dl4.comss.ru/.../iobituninstaller_beta.exe

http://files1.majorgeeks.com/7fd29ee0cb4b910d96d0ef86f16c8854/.../iobituninstaller_beta.exe

http://www.iobit.com/downloadcenter.php?product=iu5-beta

Scan iobituninstaller_beta.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.