uninstall.exe

This is a setup and installation application. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.

MD5:
b89258eee28863a405a0260e87ae64b1

SHA-1:
dae9371a1fb73116552d06d2de456ca1527cf27c

SHA-256:
5d176da3ed6da31d0cab7993c231fc37783652367dadaa2749be5114700401da

Scanner detections:
5 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/19/2024 9:56:53 AM UTC

Scan engine          Detection                               Engine version
AhnLab V3 Security   PUP/Win32.DealPly.C1758534              3.8.3.16
Bkav FE              [BobSoft Mini Delphi - BoB / BobSoft]   1.3.0.8471
McAfee               PUP-FPD                                 5600.6134
Qihoo 360 Security   HEUR/QVM05.1.0000.Malware.Gen           1.0.0.1120
Rising Antivirus     Malware.Heuristic!ET#98% (rdm+)         23.00.65.17201

File size:
2.6 MB (2,733,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\AppData\{55296375-7181-0fcd-1c19-2a253871d6bd}\uninstall.exe

File PE Metadata
Compilation timestamp:
8/9/2015 5:20:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x260464

Developed / compiled with:
Microsoft Visual C++

Code size:
2.4 MB (2,487,296 bytes)

Scheduled Task
Task name:
{1F6AEDDA-2D6B-439F-AA73-B1C7176A0723}

Trigger:
Daily (Runs daily at 8:53 PM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-124-103.nrt52.r.cloudfront.net  (54.192.124.103:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.48.176:80)

TCP (HTTP):
Connects to ec2-54-243-162-184.compute-1.amazonaws.com  (54.243.162.184:80)

TCP (HTTP):
Connects to ec2-54-225-212-5.compute-1.amazonaws.com  (54.225.212.5:80)

TCP (HTTP):
Connects to ec2-184-73-230-77.compute-1.amazonaws.com  (184.73.230.77:80)

TCP (HTTP):
Connects to ec2-23-21-246-202.compute-1.amazonaws.com  (23.21.246.202:80)
