» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

RegCure Pro

Paretologic Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program RegCure Pro by ParetoLogic, Inc..

File name:

uninstall.exe

Publisher:

ParetoLogic, Inc. (signed by Paretologic Inc.)

Product:

RegCure Pro

Version:

3.2.15.0

MD5:

f35f39214dd2fd9cdb07bd3c392cbbcd

SHA-1:

327ed07667c294313184fc5a7b972ca9dcbea354

SHA-256:

12bc77f0da16d9d4671e115d1283189b0c65c44908fceee9aafd4ce954aaf09e

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/23/2024 7:27:56 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

riskware program Program.Unwanted.689

9.0.1.05190

Trend Micro House Call

Suspicious_GEN.F47V0109

7.2.344

Trend Micro

TROJ_GEN.F0C2C00EF15

10.465.10

File size:

265.3 KB (271,640 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\paretologic\regcure pro\uninstall.exe

Digital Signature

Signed by:

Paretologic Inc.

Authority:

GlobalSign nv-sa

Valid from:

2/25/2013 2:53:32 PM

Valid to:

2/26/2015 2:53:32 PM

Subject:

CN=Paretologic Inc., OU=Paretologic Inc., O=Paretologic Inc., L=Victoria, S=British Columbia, C=CA

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121F9945D68B6DFDD557292B63C5A3015E1

File PE Metadata

Compilation timestamp:

2/24/2012 12:20:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:u5BuYAVrgUCPnKIpL8/lMoNLrn8Nkh/T+n6vEn1/ZnEl4Fst9nFmJZNEo3HoVw3p:u50gUCiOMnn8NkhW/l84FstFFmP5qwV

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

5.9783

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

Program Uninstaller

Program name:

RegCure Pro

Display publisher:

ParetoLogic, Inc.

Display version:

3.2.15.0

Uninstall string:

C:\Program Files (x86)\ParetoLogic\RegCure Pro\uninstall.exe

Scan uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.