» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

360 Amigo System SpeedUp

Business Bakers

The application uninstall.exe by Business Bakers has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program 360 Amigo System Speedup Free by 360 Amigo System SpeedUp.

File name:

uninstall.exe

Publisher:

360Amigo (signed by Business Bakers)

Product:

360 Amigo System SpeedUp

Version:

1.2.0.9800

MD5:

db5f409013ed8c016e012f2ac5bf6803

SHA-1:

4c057cd45156f7fbade455901c8385efcb4b643a

SHA-256:

cc9af79b46522d0e98523ae03ab79f884f5e2d1c5912e1778ce9ca9d9504a23b

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 3:19:04 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Trojan.Win32.360Amigo

4.0.3.1618

ESET NOD32

Win32/360Amigo (variant)

10.7860

Reason Heuristics

Win32.Generic

16.1.8.14

Sophos

Sus/Scribble-B

4.84

File size:

2.2 MB (2,309,704 bytes)

Product version:

1.2

Trademarks:

360Amigo

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\Program Files\360amigo\uninstall.exe

Digital Signature

Signed by:

Business Bakers

Authority:

VeriSign, Inc.

Valid from:

7/29/2010 9:00:00 PM

Valid to:

7/30/2011 8:59:59 PM

Subject:

CN=Business Bakers, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Business Bakers, L=Helsinki, S=Helsinki, C=FI

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

71346AFF5AC5D072DC31F7DC3A872308

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:ogLepYjGyUenUSSwcxF7OWnBNBszftph+S0DqsPN1TbGHlBTdTo2HOU3:GpYjt1ZYF9nBQzVCSoqsrTbalBB8aOY

Entry address:

0x648001

Entry point:

60, E9, 3D, 04, 00, 00, E9, 25, 05, 01, 01, EC, 01, BC, 31, 3A, 45, 01, 04, DE, 2C, 9E, D1, 40, 45, 01, 84, BE, FD, 4A, 45, 01, 01, 8A, 9E, FD, 4A, 45, 01, 10, 86, 67, 04, 01, 01, C8, 86, 34, 3A, 45, 01, 01, 01, 01, 01, 8E, 86, 05, 4B, 45, 01, 51, 00, 96, 01, 4C, 45, 01, 8A, 86, 01, 4B, 45, 01, 8C, F9, 8E, 9E, 12, 4B, 45, 01, 54, 51, 00, 96, FD, 4B, 45, 01, 8A, 86, FD, 40, 45, 01, 8E, 9E, 1F, 4B, 45, 01, 54, 58, 00, 96, FD, 4B, 45, 01, 8A, 86, 01, 41, 45, 01, 8E, 86, B6, 3A, 45, 01, 00, E1, 95, A5, 0B, 01... 
[+]

Entropy:

7.9959

Packer / compiler:

ASProtect v1.1

Code size:

678 KB (694,272 bytes)

Program Uninstaller

Program name:

360 Amigo System Speedup Free

Display publisher:

360 Amigo System SpeedUp

Display version:

1.2.0.9800

Uninstall string:

C:\Program Files\360Amigo\Uninstall.exe /REMOVE

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.