» uninst_vaccineclass.exe
Overview
Analysis
File Details
Behaviors (1)

uninst_vaccineclass.exe

vaccineclass

Akorea

The application uninst_vaccineclass.exe, “vaccineclassuninstaller” by Akorea has been detected as adware by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program vaccineclass by UCF.

File name:

Publisher:

Akorea (signed and verified)

Product:

vaccineclass

Description:

vaccineclassuninstaller

Version:

1, 0, 0, 1

MD5:

67f3262ca5929c078cccdfad83fa6864

SHA-1:

d40f8aeb6fff263b426a827f741b50124dd21eb1

SHA-256:

6ffcb74e7905e3d42737952ef1c8ded6b6e5b750d38e65c6c17ebb03428b88b0

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

4/26/2024 7:59:18 PM UTC (today)

Scan engine

Detection

Engine version

Bitdefender

Gen:Variant.Adware.Graftor.Elzob.4038

1.0.20.1650

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.Elzob.4038

8.15.11.26.10

ESET NOD32

Win32/Adware.Kraddare.CB (variant)

9.8282

G Data

Gen:Variant.Adware.Graftor.Elzob.4038

15.11.22

McAfee

FakeAlert-Kraddare.g

5600.6570

MicroWorld eScan

Gen:Variant.Adware.Graftor.Elzob.4038

16.0.0.990

Panda Antivirus

Generic Malware

15.11.26.10

Reason Heuristics

PUP.Akorea.Installer (M)

15.11.26.10

SUPERAntiSpyware

Trojan.Agent/Gen-FraudScan

9484

File size:

146 KB (149,528 bytes)

Product version:

1, 0, 0, 1

Original file name:

uninst_vaccineclass.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\vaccineclass\uninst_vaccineclass.exe

Digital Signature

Signed by:

Akorea

Authority:

Thawte, Inc.

Valid from:

5/5/2012 9:00:00 AM

Valid to:

7/5/2013 8:59:59 AM

Subject:

CN=Akorea, O=Akorea, L=Haeundae-gu, S=BUSAN, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2FAE031CEAF57B56615A3998DEB1D1FD

File PE Metadata

Compilation timestamp:

3/18/2013 9:47:37 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:cfDQVHMCQiwh9bwOg39sgrH/zWruUfuVQIRnRahAplXF6fgEh1GKDX:k4HHOHbM/zWvSQIRbHXIfVhYKz

Entry address:

0xBB520

Entry point:

60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.8618

Packer / compiler:

UPX 2.90LZMA

Code size:

136 KB (139,264 bytes)

Program Uninstaller

Program name:

vaccineclass

Display publisher:

UCF

Display version:

1.2

Uninstall string:

C:\Program Files\vaccineclass\uninst_vaccineclass.exe

Remove uninst_vaccineclass.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.