» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Softacular

The application uninstall.exe by Softacular has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Rockettab by Rockettab.

File name:

uninstall.exe

Publisher:

Softacular (signed and verified)

Version:

1.0.5410.12810

MD5:

2797d0c32c9a29fe0e98733ee5633b96

SHA-1:

4c0a14b8650faf81e8ba53d5971a4d64dad37ee2

SHA-256:

6dc0af3b7003280b169e2d9fdc7bd38d6ad52dec7892a835604a311dd03441c3

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

5/19/2024 9:06:39 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Softacular

2015.0.3308

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.Softacular

15.6.13.10

VIPRE Antivirus

AdKnowledge

34232

File size:

3.8 MB (3,941,600 bytes)

Product version:

1.0.5410.12810

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\search extensions\uninstall.exe

Digital Signature

Signed by:

Softacular

Authority:

COMODO CA Limited

Valid from:

3/23/2014 6:00:00 PM

Valid to:

3/24/2015 5:59:59 PM

Subject:

CN=Softacular, O=Softacular, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

753A79B32D5A96BF1872FDE1AC60DEEA

File PE Metadata

Compilation timestamp:

10/24/2014 2:07:12 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:DRzITJPwLJVJeTo46a93JYzUKK4BwNNw7b3fkN9wNNxvw4CY2ktQsYjTtw6oI:DR8NoLPJDkZdKK4BR3fsaHn2pR1oI

Entry address:

0x3B83D4

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 84, A1, 00, 80, 10, 00, 00, 00, D4, A1, 00, 80, 18, 00, 00, 00, 8C, A4, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 48, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.6856

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.7 MB (3,892,224 bytes)

Program Uninstaller

Program name:

Rockettab

Display publisher:

Rockettab

Uninstall string:

"C:\Program Files (x86)\Search Extensions\uninstall.exe" /u=true /UserID=43012777-0da3-4ec4-aba5-6c5f3073df1d /SourceID=browsersafeguard-rockettab-verti /ImplementationID=browsersafeguard-rockettab-ve

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.