unins000.exe

Super PC Tools Limited

The application unins000.exe by Super PC Tools Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Super Optimizer v3.2 by Super PC Tools ltd. While running, it connects to the Internet address bbc-vip115.telhc.bbc.co.uk on port 80 using the HTTP protocol.
Publisher:
Super PC Tools Limited  (signed and verified)

Description:
Setup/Uninstall

Version:
51.1052.0.0

MD5:
cb1b0f348043422581ea8f0eeed388a1

SHA-1:
82dca37b46b21c7be92dab0c0585213f86968b85

SHA-256:
10929c0c8636e777d893b01cfe15c4a7c66358fc36156107a26de795c76aa00a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 12:19:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PC Utilities.SuperPCTools.Installer (M)

Engine version:
15.7.11.0

File size:
1.2 MB (1,281,928 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\super optimizer\unins000.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 8:00:00 PM

Valid to:
12/17/2015 7:59:59 PM

Subject:
CN=Super PC Tools Limited, OU=IT Department, O=Super PC Tools Limited, STREET="89 New Bond Street, 5th Floor", L=London, S=England W1S 1DA, PostalCode=W1S 1DA, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB6EC488D02F4A9CB509ED84C4BAFE65

File PE Metadata
Compilation timestamp:
2/4/2013 2:24:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Y8ZD0cX6W3hXFg1waKc6vkRxI3tKr6wZRZEIRaZQ1L5KduMx9cU:xBcSwg4IaRrKdLV

Entry address:
0x100004

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, C4, E1, 4F, 00, E8, 25, 8F, F0, FF, 6A, EC, A1, 20, 3D, 50, 00, 8B, 00, 8B, 98, 70, 01, 00, 00, 53, E8, C8, 9D, F0, FF, 25, 7F, FF, FF, FF, 50, 6A, EC, A1, 20, 3D, 50, 00, 53, E8, 1D, A0, F0, FF, 33, C0, 55, 68, 7F, 00, 50, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, 60, 97, F0, FF, E8, AF, DE, FF, FF, A1, FC, DD, 4F, 00, 50, 68, 60, DE, 4F, 00, A1, 20, 3D, 50, 00, 8B, 00, E8, B4, BC, F7, FF, E8, 03, DF, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 19, E9, 5C, 46, F0, FF...

Entropy:
6.4453

Developed / compiled with:
Microsoft Visual C++

Code size:
1019 KB (1,043,456 bytes)

Program Uninstaller
Program name:
Super Optimizer v3.2

Display publisher:
Super PC Tools ltd

Display version:
3.2.0.1

Uninstall string:
"C:\Program Files (x86)\Super Optimizer\unins000.exe" /VERYSILENT


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-24-5-45.us-west-2.compute.amazonaws.com  (52.24.5.45:80)

TCP (HTTP):
Connects to bbc-vip115.telhc.bbc.co.uk  (212.58.244.70:80)
