» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

SettingsManager

AZTEC MEDIA INC.

The application uninstall.exe, “Settings Manager Uninstall” by AZTEC MEDIA INC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Settings Manager by Aztec Media Inc.. This file is typically installed with the program Settings Manager by Aztec Media Inc. which is a potentially unwanted software program.

File name:

uninstall.exe

Publisher:

AZTEC MEDIA INC. (signed and verified)

Product:

SettingsManager

Description:

Settings Manager Uninstall

Version:

5.0.0.10572

MD5:

fda6ea0ab00b72a3e873634360b4b4e9

SHA-1:

40472fceb1122fad42553ca13570253955779b58

SHA-256:

540a728e450bc331678d5efdd3ddb2ea5aaa06f3e525458a41666ac9e7212ec8

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/27/2024 2:50:55 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Bandoo (M)

16.10.4.3

File size:

111.5 KB (114,152 bytes)

Product version:

5.0.0.10572

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\settings manager\systemk\uninstall.exe

Digital Signature

Signed by:

AZTEC MEDIA INC.

Authority:

Thawte, Inc.

Valid from:

5/18/2013 7:00:00 PM

Valid to:

5/19/2015 6:59:59 PM

Subject:

CN=AZTEC MEDIA INC., OU=Development, O=AZTEC MEDIA INC., L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

546A239CA30D7A98B656DADCE4AA28E0

File PE Metadata

Compilation timestamp:

5/30/2013 3:09:10 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:KMK/+9r7pkbu6/26gDjQAbQPnxMcB8HgWrB8S0SBoHuNuTPRDFT2bx52cpsLt84G:hBibFg/QaQPnxML/2SOQcpJascqLW4Hm

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A1, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, B8, 3E, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 3D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, A3, 40, 00, FF, 15, 80, 91, 40, 00, 68, 04, A3, 40, 00, 68, C0, BD, 46, 00, E8, 8F, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF, A0, 40, 4C, 00, 57, E8, 7D, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

28.5 KB (29,184 bytes)

Program Uninstaller

Program name:

Settings Manager

Display publisher:

Aztec Media Inc.

Display version:

5.0.0.10572

Uninstall string:

C:\Program Files (x86)\Settings Manager\systemk\Uninstall.exe /browser=all

The file uninstall.exe has been discovered within the following program.

Settings Manager by Aztec Media Inc.

This is a web browser search and home page modifier (hijacker) application that is designed to install a browser add-on and modify the browsers settings in order to direct search revenue. By default the program will change the search provider to default-search.

www.linkeyproject.com

80% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.