» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Razoss Bar

Razoss Ltd

The application uninstall.exe by Razoss has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Razoss Bar by Razoss Ltd.. This file is typically installed with the program Razoss Bar by Razoss Ltd..

File name:

uninstall.exe

Publisher:

Razoss Ltd. (signed by Razoss Ltd)

Product:

Razoss Bar

Description:

Razoss Installer

Version:

0.1.0.411

MD5:

794a0bfaf86dad74d69527b1d898508d

SHA-1:

f1797ff6052a3cbc7543c98a8986a5f1a816b4f1

SHA-256:

108df3be35545085b5f7bdfe38db6a3679a9fb33c211983b28b760fb0a35a653

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 11:01:47 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Installer.J

14.8.28.20

File size:

401 KB (410,584 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\razoss\application\uninstall.exe

Digital Signature

Signed by:

Razoss Ltd

Authority:

COMODO CA Limited

Valid from:

3/25/2012 8:00:00 PM

Valid to:

3/26/2013 7:59:59 PM

Subject:

CN=Razoss Ltd, O=Razoss Ltd, STREET=8 Mordechai Meiri, L=Tel Aviv-Jaffa, S=Israel, PostalCode=69641, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2162C3C0B9F18CE892885F9A36086534

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:4w/F/JSvBF/e3WKgUg+yhLCWfriysUIJ5:4m0BFG3ls78WfrPsxT

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9565

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Program Uninstaller

Program name:

Razoss Bar

Display publisher:

Razoss Ltd.

Display version:

0.1.0.411

Uninstall string:

"C:\users\{user}\appdata\local\razoss\application\uninstall.exe"

The file uninstall.exe has been discovered within the following program.

Razoss Bar by Razoss Ltd.

www.razoss.com

About 3% of users remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.