» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

SpeedyBackup

SpeedyPC Software

This is a part of the SpeedyPC Pro software from ParetoLogic Inc (sometimes bundled through 3rd-party installers). The application uninstall.exe, “SpeedyBackup Installer” by SpeedyPC Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program SpeedyPC Software SpeedyBackup by SpeedyPC Software.

File name:

uninstall.exe

Publisher:

SpeedyPC Software Inc. (signed by SpeedyPC Software)

Product:

SpeedyBackup

Description:

SpeedyBackup Installer

Version:

2.0.4.0

MD5:

7c40d67d6a00ff3076b0e869bd632720

SHA-1:

122f604b412fa7dbe5f6ca04f7e1255ec2e7a6ca

SHA-256:

400dfd5fdc6bf767c0e3dc5094bcc770e2326a23ad7a8235406118e18f3e7eee

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:11:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.1.8.11

File size:

1.7 MB (1,811,040 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\speedypc software\speedybackup\uninstall.exe

Digital Signature

Signed by:

SpeedyPC Software

Authority:

GlobalSign nv-sa

Valid from:

10/4/2012 1:45:05 PM

Valid to:

10/5/2013 1:45:05 PM

Subject:

E=itgroup@paretologic.com, CN=SpeedyPC Software, OU=Paretologic Inc., O=SpeedyPC Software, L=Victoria, S=British Columbia, C=CA

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B885D7A3AB531E0BACD5D2AD1CBA6BEA

File PE Metadata

Compilation timestamp:

2/24/2012 1:20:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:20givalgl/QqaQeoxAZv4E9kaoLBRfrCpSuwLLFmh8i5:B7ilgl/FaQbxAZv4E95yBRf2RwLZA8i5

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

5.1353

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

Program Uninstaller

Program name:

SpeedyPC Software SpeedyBackup

Display publisher:

SpeedyPC Software

Display version:

2.0.4.0

Uninstall string:

C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\uninstall.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.