» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Astromenda

Setup ©

The application uninstall.exe, “Setup ” has been detected as a potentially unwanted program by 18 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program WSE_Astromenda by Astromenda. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

Publisher:

Setup ©

Product:

Astromenda

Description:

Setup

Version:

2.21.18.7

MD5:

e0c84ee63d5a7b28af0a6070b2ae0f72

SHA-1:

8e454181af67a7392d0005622f4084c983cc094f

SHA-256:

d1406442e21764ae0b9753d102633a7243392871553a9df26e3276eadc6afad2

Scanner detections:

18 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/20/2024 2:31:31 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

2014.9-141008

AVG

Adware InstallCore.AEV

2014.0.4311

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.15527

Comodo Security

UnclassifiedMalware

19673

ESET NOD32

Win32/InstallCore.YX potentially unwanted application

7.0.302.0

G Data

Win32.Trojan.Agent.W05848

14.10.24

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.1.7.8.0

McAfee

Trojan.GenericR-AUZ!E0C84EE63D5A

17.6.569.0

NANO AntiVirus

Trojan.Win32.Agent.dczfoa

0.28.2.62440

Panda Antivirus

Trj/Genetic.gen

14.09.14.03

Qihoo 360 Security

Malware.QVM05.Gen

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.10.8.10

Sophos

Generic PUA IO

4.98

SUPERAntiSpyware

PUP.Astromenda/Variant

9849

Trend Micro House Call

TROJ_GEN.R0C1H06HT14

7.2.281

Vba32 AntiVirus

Downware.InstallCore

3.12.26.3

VIPRE Antivirus

Threat.275960

40552

Zillya! Antivirus

Dropper.Agent.Win32.171388

2.0.0.1939

File size:

697 KB (713,728 bytes)

Product version:

2.21.18.7

Original file name:

uninstall.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\astromenda\uninstall.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:nq/5daymIVLPCL8u4E8F3vOyfuyXpkEFuJL0+jQvJZt9qnLQs:q7J3LPju4zWyfuckEFumLn+LQs

Entry address:

0x99868

Entry point:

55, 8B, EC, B9, 0B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 10, 95, 49, 00, E8, 73, DB, F6, FF, 33, C0, 55, 68, 1B, 9B, 49, 00, 64, FF, 30, 64, 89, 20, B8, A8, 80, 49, 00, E8, B7, F3, F7, FF, 33, DB, 8D, 55, EC, B8, 34, 9B, 49, 00, E8, B8, 18, F7, FF, 8B, 45, EC, E8, D4, BA, F7, FF, 40, 0F, 85, 67, 01, 00, 00, E8, 64, 95, F6, FF, BB, 33, 00, 00, 00, B8, A0, 86, 01, 00, E8, E9, 9A, F6, FF, 8D, 55, E0, E8, 1D, 1D, F7, FF, 8D, 45, E0, 50, 8D, 55, DC, B8, 50, 9B, 49, 00, E8, 7C, 18, F7, FF... 
[+]

Entropy:

6.6661

Developed / compiled with:

Microsoft Visual C++

Code size:

611 KB (625,664 bytes)

Program Uninstaller

Program name:

WSE_Astromenda

Display publisher:

Astromenda

Uninstall string:

"C:\PROGRA~1\ASTROM~1\\uninstall.exe"

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.