» uninstall.exe
Overview
Analysis
File Details

uninstall.exe

Funshion

Beijing Funshion Online Technologies Ltd.

File name:

uninstall.exe

Publisher:

北京风行在线技术有限公司 (signed by Beijing Funshion Online Technologies Ltd.)

Product:

Funshion

Description:

Funshion Installation

Version:

3.0.0.16

MD5:

ead879e3f475cc73e720ea77f45882d0

SHA-1:

97331b404c8b2972eff2957c771147f06d42dbc1

SHA-256:

2475da85f10326ec1ada739dcd98853ea3a61d4bb7ea56fe54586dbed134f41a

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 7:06:46 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

DLOADER.Trojan

9.0.1.036

File size:

908.1 KB (929,928 bytes)

Product version:

3.0.0.16

Original file name:

FunshionUninstal.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\funshion online\3.0.0.16\uninstall.exe

Digital Signature

Signed by:

Beijing Funshion Online Technologies Ltd.

Authority:

Thawte, Inc.

Valid from:

7/22/2012 8:00:00 PM

Valid to:

8/2/2014 7:59:59 PM

Subject:

CN=Beijing Funshion Online Technologies Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Beijing Funshion Online Technologies Ltd., L=Beijing, S=Beijing, C=CN

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7269EBE2996A280CC40DE7D2A71B088D

File PE Metadata

Compilation timestamp:

3/10/2014 3:25:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:A33dlg/CVVPhvRcVDwNq19DJcpcewFgtJN9C7ZLhop3/psQ/CYLA/rc:A33U+vRcVeqPDJcpFtgwrCUurc

Entry address:

0x56988

Entry point:

E8, E2, C4, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, 56, 8D, 45, F8, 50, FF, 15, 38, E2, 47, 00, 8B, 4D, FC, 33, C0, 2B, 05, 70, 30, 4A, 00, 1B, 0D, 74, 30, 4A, 00, 33, F6, 03, 45, F8, 56, 68, 10, 27, 00, 00, 13, CE, 51, 50, E8, B7, 68, 00, 00, 5E, C9, C3, 8B, FF, 55, 8B, EC, 51, 51, 56, 8D, 45, F8, 50, FF, 15, 38, E2, 47, 00, 8B, 4D, FC, 33, F6, 33, C0, 03, 45, F8, 13, CE, A3, 70, 30, 4A, 00, 89, 0D, 74, 30, 4A, 00, 33, C0, 5E, C9, C3, CC, CC, CC, CC, CC, CC, 83, 3D, C4, 75, 4A, 00, 00, 0F... 
[+]

Entropy:

6.9160

Code size:

497.5 KB (509,440 bytes)

Scan uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.