uninstall.exe

The executable uninstall.exe has been detected as malware by 39 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Internet Download Manager by Tonec Inc. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server.

MD5:
288dc0936c6fc7853f89e7aea6fe5881

SHA-1:
40c5dc6e242709e47502f9294941df7c25a7a93d

SHA-256:
e7e8e5903c45f4dd1c8f7c37d44dd238f01be81031b2da2e996ccc0bb97c260f

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/16/2024 5:04:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Neshta.A | 6764508 |
| Agnitum Outpost | Win32.Neshta.A | 7.1.1 |
| AhnLab V3 Security | Win32/Neshta | 2015.03.06 |
| Avira AntiVirus | W32/Neshta.A | 7.11.214.42 |
| avast! | Win32:Apanas [Trj] | 150303-0 |
| AVG | Worm/Delf.FF | 2014.0.4257 |
| Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.1536 |
| Bitdefender | Win32.Neshta.A | 1.0.20.325 |
| Bkav FE | W32.NeshtaB.PE | 1.3.0.6379 |
| Clam AntiVirus | W32.Neshuta.A | 0.98/21511 |
| Comodo Security | Win32.Neshta.A | 21311 |
| Dr.Web | Win32.HLLP.Neshta | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Neshta | 9.0.0.4799 |
| ESET NOD32 | Win32/Neshta.A virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Neshta.A | 3/6/2015 |
| F-Prot | W32/HLLP.41472 | 4.6.5.141 |
| F-Secure | Win32.Neshta.A | 5.13.68 |
| G Data | Win32.Neshta | 15.3.25 |
| IKARUS anti.virus | Virus.Win32.Neshta | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.200.15179 |
| Kaspersky | Virus.Win32.Neshta | 15.0.0.543 |
| McAfee | Virus.W32/HLLP.41472.e | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1887.0 |
| MicroWorld eScan | Win32.Neshta.A | 16.0.0.195 |
| NANO AntiVirus | Virus.Win32.Neshta.cdby | 0.30.0.296 |
| Norman | Win32.Neshta.A | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Neshta | 15.03.06.01 |
| Panda Antivirus | W32/Neshta.A | 15.03.06.05 |
| Quick Heal | W32.Neshta.C8 | 3.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.6.5 |
| Rising Antivirus | PE:Win32.Netsha.a!411233 | 23.00.65.15304 |
| Sophos | Virus 'W32/Bloat-A' | 5.11 |
| Total Defense | Win32/Neshta.A | 37.0.11479 |
| Trend Micro House Call | PE_NESHTA.A | 7.2.65 |
| Trend Micro | PE_NESHTA.A | 10.465.06 |
| Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.26.3 |
| VIPRE Antivirus | Threat.4276445 | 38050 |
| ViRobot | Win32.Neshta.B[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Neshta.Win32.1 | 2.0.0.2089 |

File size:
216 KB (221,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\internet download manager\uninstall.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:sr85C/0H2KMa5yJdu3HIOmqqnsZdysdJzTFmbJcByIeCsw:k9/0F55tHI7ntsdHeJaJ

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...
Entropy:
6.4375

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

Program Uninstaller
Program name:
Internet Download Manager

Display publisher:
Tonec Inc.

Uninstall string:
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

