» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

TwonkyManager Installer

PacketVideo

The executable uninstall.exe has been detected as malware by 25 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program TwonkyManager. This file is typically installed with the program TwonkyMedia by PacketVideo.

File name:

uninstall.exe

Publisher:

PacketVideo Corporation. (signed by PacketVideo)

Product:

TwonkyManager Installer

Version:

2.0.5.69

MD5:

234a198fced85485513ec09be97a52a6

SHA-1:

8aa58f2567b9603d234c289a3193021d92010956

SHA-256:

2a62c9d3414d65e3c59e7ffa73db1348f593c13f6258dd4c0eb048de020abb18

Scanner detections:

25 / 68

Status:

Malware

Analysis date:

4/19/2024 2:34:44 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

fuzzy_signature

2011.03.12

Avira AntiVirus

TR/Dldr.Renos.PC.416

7.11.4.177

avast!

Win32:Renos-XV

2014.9-161107

AVG

fuzzy_signature

2017.0.2566

Bitdefender

Trojan.Generic.KDV.152153

1.0.20.1560

Clam AntiVirus

Trojan.FakeAV.DRW

0.98/17411

Comodo Security

Packed.Win32.TDSS.~AA

7955

Emsisoft Anti-Malware

Trojan-Downloader.SuspectCRC!IK

8.16.11.07.04

ESET NOD32

Win32/TrojanDownloader.FakeAlert.ARF

10.5948

Fortinet FortiGate

fuzzy_signature

11/7/2016

F-Prot

W32/FakeAlert.KN2.gen

v6.4.6.2.117

F-Secure

Trojan.Generic.KDV.152153

11.2016-07-11_2

G Data

fuzzy_signature

16.11.21

IKARUS anti.virus

fuzzy_signature

t3scan.1.1.97.0

McAfee

Downloader-CEW.ae

5600.6222

Microsoft Security Essentials

TrojanDownloader:Win32/Renos.PC

1.163.1557.0

Panda Antivirus

fuzzy_signature

16.11.07.04

Prevx

fuzzy_signature

3.0

Rising Antivirus

fuzzy_signature

23.00.65.161105

Sophos

Mal/FakeAV-IZ

4.63

SUPERAntiSpyware

Trojan.Agent/Gen-FakeAlert[DrWeb]

8790

Trend Micro House Call

TROJ_FAKEAV.SM1C

7.2.312

Trend Micro

TROJ_FAKEAV.SM1C

10.465.07

Vba32 AntiVirus

fuzzy_signature

3.12.14.3

VIPRE Antivirus

Trojan.Win32.Generic

8680

File size:

83.4 KB (85,416 bytes)

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\twonkymedia\uninstall.exe

Digital Signature

Signed by:

PacketVideo

Authority:

VeriSign, Inc.

Valid from:

4/26/2010 2:00:00 AM

Valid to:

5/21/2013 1:59:59 AM

Subject:

CN=PacketVideo, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PacketVideo, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

72F76453731A1DC18F87FE3CA426812D

File PE Metadata

Compilation timestamp:

1/28/2009 8:42:55 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:DpN/NRstKaXTQBBrvkNS52xCXnM7yrfSyTHWLbgXRJF7ouZIkIgd19pphCdh:DNRstKyTQn9kx0nM7yrfZCbgJJouP9u

Entry address:

0x340C

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 64, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 32, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 20, 26, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

26 KB (26,624 bytes)

Program Uninstaller

Program name:

TwonkyManager

Display version:

2.0.5.69

Uninstall string:

C:\Program Files\TwonkyMedia\uninstall.exe

The file uninstall.exe has been discovered within the following program.

TwonkyMedia by PacketVideo

About 4% of users remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.