» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

MemZilla 2012

Dr Salman Zafar

The application uninstall.exe, “MemZilla 2012 Setup” by Dr Salman Zafar has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program MemZilla 2012 by Digital Millenium Inc. This file is typically installed with the program MemZilla 2012 by Digital Millenium Inc.

File name:

uninstall.exe

Publisher:

Digital Millenium Inc (signed by Dr Salman Zafar)

Product:

MemZilla 2012

Description:

MemZilla 2012 Setup

Version:

5.21.0.2012

MD5:

88448bc172fefada86ce6cd4e78e6c96

SHA-1:

50536580563cc1f510186214d5505baf3107a679

SHA-256:

4ad344c840862117251cbfa15c6c62a197b2108742181c699eb38db5cb8fcb74

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 1:28:41 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.DrSalmanZafar.Installer (M)

15.10.12.7

File size:

150.1 KB (153,728 bytes)

Product version:

5.21.0.2012

Original file name:

memzilla.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\memzilla 2012\uninstall.exe

Digital Signature

Signed by:

Dr Salman Zafar

Authority:

COMODO CA Limited

Valid from:

5/2/2012 7:00:00 PM

Valid to:

5/3/2013 6:59:59 PM

Subject:

CN=Dr Salman Zafar, O=Dr Salman Zafar, STREET=8 Achilles Road, L=Coventry, S=West Midlands, PostalCode=CV6 7NH, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

7BDC15504020A97470E73278B5718D59

File PE Metadata

Compilation timestamp:

1/31/2011 11:44:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:RVlSRC9Z/eROXj4SYB05/LI14APvOXUHrRCVTbT5sKESGGgECdHD5/gC:TlSRC9ZeQXsSYBozKPvOkHrInbEufC4C

Entry address:

0x1D20

Entry point:

55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20... 
[+]

Entropy:

7.5728

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

4 KB (4,096 bytes)

Program Uninstaller

Program name:

MemZilla 2012

Display publisher:

Digital Millenium Inc

Display version:

5.21.0.2012

Uninstall string:

C:\Program Files (x86)\MemZilla 2012\uninstall.exe

The file uninstall.exe has been discovered within the following program.

MemZilla 2012 by Digital Millenium Inc

dmisoftware.com

About 3% of users remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.