uninstall.exe

Application Manager

ForwardTech Inc

This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application uninstall.exe by ForwardTech Inc has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program PC Performer Manager. This file is typically installed with the program PC Performer Manager by Performersoft Inc, which is a potentially unwanted software program.
Publisher:
PerformerSoft LLC  (signed by ForwardTech Inc)

Product:
Application Manager

Version:
2,5,945,13

MD5:
c902b94d2e25d979d76448399a46f382

SHA-1:
4e8a5c9cf811d2303155e043459bcbe8fb528c5c

SHA-256:
e0618d2a4ad1591bd1a7744b908a370d5c19ca2cb658054986f264a2caa06ff6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 9:18:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Performersoft.ForwardTech (M)

Engine version:
16.2.7.2

File size:
2.3 MB (2,428,960 bytes)

Product version:
2,5,945,13

Copyright:
Copyright (C) 2012

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\pc performer manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\uninstall.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2012 10:46:30 PM

Valid to:
9/11/2015 10:46:30 PM

Subject:
CN=ForwardTech Inc, O=ForwardTech Inc, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07BCB9E09D11D2

File PE Metadata
Compilation timestamp:
11/26/2012 5:10:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:sSoH2PiBR3wr8xau76EXBvsciD941FSyR3iTC+Smd0RIpv/eAfchIDW5:I9BR3woxH76cScimji/eAfU

Entry address:
0xDD098

Entry point:
E8, CB, E4, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 26, 20, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 75, 14, E8, 42, 3A, 00, 00, C7, 00, 16, 00, 00, 00, E8, CD, 7C, 00, 00, 33, C0, EB, 17, 0F, B6, 06, 50, E8, 69, E5, 00, 00, 46, 59, 85, C0, 74, 06, 80, 3E, 00, 74, 01, 46, 8B, C6, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, A1, 90, F0, 60, 00, 33, C5, 89, 45, FC, 53, 56, 8B, F1, 33, DB, 57, 3B, F3...
 

Entropy:
6.6229

Code size:
1.6 MB (1,657,856 bytes)

Program Uninstaller
Program name:
PC Performer Manager

Uninstall string:
"C:\ProgramData\PC Performer Manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\uninstall.exe" /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /o /su=693163bcd6863227 /um


The file uninstall.exe has been discovered within the following program:

PC Performer Manager  by Performersoft Inc
PC Performer Manager is bundled with various PC Performer registry optimization products.
www.pcperformer.com
69% remove it
 