uninstall.exe

Lavasoft Limited

The application uninstall.exe by Lavasoft Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Lavasoft Limited  (signed and verified)

MD5:
754355ab5268dad54f1a0524ae11ba73

SHA-1:
b3aa69302d4393276bf39e9eb87e974cae42f7d0

SHA-256:
9f44bbb47c94a1b261bafa3b2625b43d19b3f8e55b7642132e8b7161aabbd4fb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:56:37 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SearchProtect

Engine version:
16.2.28.13

File size:
48.4 KB (49,592 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\ProgramData\search protection\uninstall.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/8/2013 7:00:00 AM

Valid to:
7/25/2015 6:59:59 AM

Subject:
CN=Lavasoft Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft Limited, L=sliema, S=Malta, C=MT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E13B3A79AA60B7EA934163F5237606B

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:LpgpHzb9dZVX9fHMvG0D3XJbCNf22a6FI:1gXdZt9P6D3XJbCNO1

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
6.9892

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
