» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Shareaza

Bandoo Media Inc

The application uninstall.exe, “Shareaza Uninstall” by Bandoo Media Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Shareaza by Bandoo Media Inc. This file is typically installed with the program Shareaza by Bandoo Media Inc which is a potentially unwanted software program.

File name:

uninstall.exe

Publisher:

Bandoo Media Inc (signed and verified)

Product:

Shareaza

Description:

Shareaza Uninstall

Version:

9.0.0.135178

MD5:

4dd0aaae4854f2606f68f8ddaf04337e

SHA-1:

4b5f2188fe459a123c250efef503b320bca85f44

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

May bundle additional software offers in the setup installer included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:

4/26/2024 6:07:54 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.BandooMedia.J

14.8.4.10

File size:

228.5 KB (233,992 bytes)

Product version:

9.0.0.135178

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\shareaza applications\shareaza\uninstall.exe

Digital Signature

Signed by:

Bandoo Media Inc

Authority:

Thawte, Inc.

Valid from:

2/8/2014 7:00:00 PM

Valid to:

10/5/2014 7:59:59 PM

Subject:

CN=Bandoo Media Inc, O=Bandoo Media Inc, L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

34D16C5DA8C64FA202CC6BDB73876214

File PE Metadata

Compilation timestamp:

5/30/2013 4:09:15 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:G6Tea0X47XePn9oNkc/e5M/WUL27cZH6i5+MHuR1pzV67UmsgFuHefitpEDR:qX47XeONR/7LscZzsV1pzV677noHKitc

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00... 
[+]

Entropy:

7.5167

Packer / compiler:

Nullsoft install system v2.x

Code size:

29.5 KB (30,208 bytes)

Program Uninstaller

Program name:

Shareaza

Display publisher:

Bandoo Media Inc

Display version:

9.0.0.135178

Uninstall string:

"C:\Program Files\Shareaza Applications\Shareaza\uninstall.exe"

The file uninstall.exe has been discovered within the following program.

Shareaza by Bandoo Media Inc

Publisher's description - “Shareaza is a peer-to-peer client for Windows that allows you to download any file-type found on several popular P2P networks. Shareaza can connect to up to 4 separate Peer-to-Peer networks, providing access to hundreds of thousands of diverse users, all from one single program.”

shareaza.sourceforge.net

65% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.