» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

ZGame Anti-Phishing Domain

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application uninstall.exe, “ZGame Anti-Phishing Domain Uninstaller” by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program ZGame Anti-Phishing Domain by Jo Media inc.(Powered by Panda Security).

File name:

uninstall.exe

Publisher:

Jo Media inc.(Powered by Panda Security) (signed by Visicom Media Inc.)

Product:

ZGame Anti-Phishing Domain

Description:

ZGame Anti-Phishing Domain Uninstaller

Version:

1.0

MD5:

b06388dc37e88ff2770c1db9704b4cbc

SHA-1:

58e0a652aa55eb344d787728326dc9c214e5bf1c

SHA-256:

0d916eb53023abe2cea83e60f706924552f83e7ef4480eaec9e5f2723ffd08e4

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 11:55:03 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Visicom.VisicomMedia.Installer (M)

16.2.10.19

File size:

95.9 KB (98,232 bytes)

Product version:

1.0.1.108

Trademarks:

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\ProgramData\zgame anti-phishing domain\uninstall.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte, Inc.

Valid from:

4/18/2012 7:00:00 AM

Valid to:

6/22/2014 6:59:59 AM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:oXJ9MBHO5h5934Dq8R7ATOtg7x+nUSSvpk6H/BhmzfPHvNF:oXJ9MBchTvtBN+Uk6Szn

Entry address:

0x323C

Entry point:

90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90... 
[+]

Entropy:

6.6059

Packer / compiler:

PseudoSigner 0.1PENinja 1.31

Code size:

23 KB (23,552 bytes)

Program Uninstaller

Program name:

ZGame Anti-Phishing Domain

Display publisher:

Jo Media inc.(Powered by Panda Security)

Display version:

1.0.0.0

Uninstall string:

C:\ProgramData\ZGame Anti-Phishing Domain\uninstall.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.