» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Softacular

The application uninstall.exe by Softacular has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program RocketTab by RocketTab.

File name:

uninstall.exe

Publisher:

Softacular (signed and verified)

Version:

1.0.5402.18144

MD5:

480c2b82d771971d8671b49b06c9a537

SHA-1:

540f0a4278e92dc957af237ae229e6ad7ab7c55f

SHA-256:

db8710e9b1c3896afef2d2eac739c119c8fe40e4b9514f103150a6da6f7d176b

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/19/2024 8:15:04 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Softacul.Installer (M)

16.5.31.22

File size:

3.7 MB (3,886,816 bytes)

Product version:

1.0.5402.18144

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\search extensions\uninstall.exe

Digital Signature

Signed by:

Softacular

Authority:

COMODO CA Limited

Valid from:

3/23/2014 5:00:00 PM

Valid to:

3/24/2015 4:59:59 PM

Subject:

CN=Softacular, O=Softacular, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

753A79B32D5A96BF1872FDE1AC60DEEA

File PE Metadata

Compilation timestamp:

10/16/2014 4:05:11 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:1QD1UaRzITJPwLJVPZE+CUc0w7zGE/eIrq7oNlKuBU3v1a4Y9Yk8:M8NoLPxJXiGc5rRNlVBav1xY98

Entry address:

0x3AAC02

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.3691

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.7 MB (3,837,440 bytes)

Program Uninstaller

Program name:

RocketTab

Display publisher:

RocketTab

Uninstall string:

"C:\Program Files (x86)\Search Extensions\uninstall.exe" /u=true /UserID=c7fb6d31-7a48-496a-bb88-0c4c22caf2d6 /SourceID=Google|NsisOnPage /ImplementationID=browsersafeguard-rockettab-hpc-gs-nt-nf /UC=

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.