» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Razoss Bar

Razoss Ltd

The application uninstall.exe by Razoss has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Razoss Bar by Razoss Ltd.. This file is typically installed with the program Razoss Bar by Razoss Ltd..

File name:

uninstall.exe

Publisher:

Razoss Ltd. (signed by Razoss Ltd)

Product:

Razoss Bar

Description:

Razoss Installer

Version:

0.1.0.399

MD5:

337ccf08fa19546c1398c1af1c1e88dd

SHA-1:

ab8cad9d9280e904d4e66a8b4ab117118ab7596c

SHA-256:

ecb2868e493801aca6cc4b9c104a22cd9faf5e613501e806de0bdfab23bcd708

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 6:50:08 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.6.23.4

File size:

400.3 KB (409,944 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\razoss\application\uninstall.exe

Digital Signature

Signed by:

Razoss Ltd

Authority:

COMODO CA Limited

Valid from:

3/26/2012 7:00:00 AM

Valid to:

3/27/2013 6:59:59 AM

Subject:

CN=Razoss Ltd, O=Razoss Ltd, STREET=8 Mordechai Meiri, L=Tel Aviv-Jaffa, S=Israel, PostalCode=69641, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2162C3C0B9F18CE892885F9A36086534

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:js3n6Qk81XR1A1GgdBUdgKHQyKvO4bpHRtFMJpv2Rlj9fimNc/wJgQpy5MIxR6FH:knbk85CGAIgKHQHDpxXapc59fdaXXbk

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9560

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Program Uninstaller

Program name:

Razoss Bar

Display publisher:

Razoss Ltd.

Display version:

0.1.0.399

Uninstall string:

"C:\users\{user}\appdata\local\razoss\application\uninstall.exe"

The file uninstall.exe has been discovered within the following program.

Razoss Bar by Razoss Ltd.

www.razoss.com

About 3% of users remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.