uninstall.exe

iMedix Web Technologies LTD.

The application uninstall.exe by iMedix Web Technologies has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program vShare Plugin by vShare.tv, Inc. It is also typically executed from the user's temporary directory.
Publisher:
iMedix Web Technologies LTD.  (signed and verified)

MD5:
24701664aa7f2dd5e5342a427f9d8d04

SHA-1:
24a95f06dae9f2fe5c405bdc0f5c7b27f1f10261

SHA-256:
090f5928e917bcff434eef702a3d55562bfea3855b068f231c3f5bbb2f132f41

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 12:13:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.iMedixWebTechnologies (M)

Engine version:
16.2.12.4

File size:
112.5 KB (115,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\uninstall.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
8/20/2009 8:00:00 AM

Valid to:
8/21/2010 7:59:59 AM

Subject:
CN=iMedix Web Technologies LTD., O=iMedix Web Technologies LTD., L=Herzelia, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
37D630F3EA8B1E826E55ED00E2BAC2ED

File PE Metadata
Compilation timestamp:
6/16/2010 7:20:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:jjMXz70YNmJrpLYOf2tU7/6/BmP/VJokIDp9O8jS:XMj7gLFf2bBm3VJoXDpw

Entry address:
0x2CA2

Entry point:
E8, 25, 24, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 58, D0, 40, 00, E8, 20, 22, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, C8, 09, 41, 00, 03, 75, 43, 6A, 04, E8, 0F, 26, 00, 00, 59, 83, 65, FC, 00, 56, E8, 37, 26, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 58, 26, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, FB, 24, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 5C, 06, 41, 00, FF, 15, 60, B0, 40, 00, 85, C0, 75, 16, E8, A1, 06, 00...
 

Entropy:
5.7435

Code size:
39 KB (39,936 bytes)

The file uninstall.exe has been discovered within the following program.

vShare Plugin  by vShare.tv, Inc.
Publisher's description - “Easily embed videos from various Video Sharing sites like YouTube or Vimeo. This plugin allows you to embed flash video players from various video sharing sites. New services can be added by just editing a config file. This is not for displaying local video files.”
www.vshare.tv
42% remove it
 