uninstall.exe

IE Toolbar

ShopAtHome.com

The application uninstall.exe, “IE Toolbar Uninstall” by ShopAtHome.com, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program ShopAtHome.com Toolbar by Belcaro Group Inc., which is a potentially unwanted software program.
Remove uninstall.exe - Powered by Reason Core Security
Publisher:
ShopAtHome.com  (signed and verified)

Product:
IE Toolbar

Description:
IE Toolbar Uninstall

Version:
4, 2, 0, 21

MD5:
6e374280e743865d877b45361f776b04

SHA-1:
535dce672e96be6e11be9f2cdc15c421c4ac42ca

SHA-256:
7b062072b2423558f6190afc3b73b5d010eb115d339e6ed189ebf78fbf60bab3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/9/2016 12:58:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Toolbar.ShopAtHome.J

Engine version:
14.6.10.12

File size:
46.9 KB (48,024 bytes)

Product version:
4, 2, 0, 21

Copyright:
Copyright © 2001-2009. All rights reserved.

Original file name:
uninstall.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\shopathome\uninstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/25/2010 8:00:00 PM

Valid to:
6/21/2013 7:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
063168411F371B898EE763E4858518C4

File PE Metadata
Compilation timestamp:
2/28/2012 11:40:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:+E8w9LlgD9z/4vt+aEjzaXEjoi6FctW/JK6RUvgCb2KLEbC0Acg:+E3LKDZjaEjza0jqcEbRUvN2K8Chj

Entry address:
0x1281

Entry point:
E8, B6, 15, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 58, AD, 40, 00, 89, 0D, 54, AD, 40, 00, 89, 15, 50, AD, 40, 00, 89, 1D, 4C, AD, 40, 00, 89, 35, 48, AD, 40, 00, 89, 3D, 44, AD, 40, 00, 66, 8C, 15, 70, AD, 40, 00, 66, 8C, 0D, 64, AD, 40, 00, 66, 8C, 1D, 40, AD, 40, 00, 66, 8C, 05, 3C, AD, 40, 00, 66, 8C, 25, 38, AD, 40, 00, 66, 8C, 2D, 34, AD, 40, 00, 9C, 8F, 05, 68, AD, 40, 00, 8B, 45, 00, A3, 5C, AD, 40, 00, 8B, 45, 04, A3, 60, AD, 40, 00, 8D, 45, 08, A3, 6C, AD, 40...
 

Entropy:
6.3747

Code size:
24.5 KB (25,088 bytes)

The file uninstall.exe has been discovered within the following program.

ShopAtHome.com Toolbar  by Belcaro Group Inc.
The ShopAtHome.com Toolbar will have the ability to inject such content into search results in your browser. Such content will be identified as ShopAtHome.com content, and you will have the ability to disable this feature of the Toolbar.
www.shopathome.com
64% remove it
 
Powered by Should I Remove It?
