uninstaller.exe

TODO:

TODO: <Company name>

The application uninstaller.exe, “TODO: <File description>”, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is the uninstaller utility registered in the Windows Control Panel for the program “SweetIM Bundle by SweetPacks”, published by SweetPacks LTD. The file has been observed being downloaded from cdn.download.sweetpacks.com.
Publisher:
TODO:

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.10

MD5:
3c7123363cc6123b2e9745a07c9bb41a

SHA-1:
164819d16a461059e8bcf356ed612edd7e9f2f25

SHA-256:
9ff8380546fbd8a893865f85f0c937fe51220062632533e46a39394052f1c30f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 6:47:11 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.SweetIM.29 | 9.0.1.0322
Reason Heuristics | (M) | 16.6.6.21

File size:
369 KB (377,856 bytes)

Product version:
1.0.0.10

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
BundleUninstall.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\uninstaller.exe

File PE Metadata
Compilation timestamp:
8/22/2013 6:42:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:CxE5dAua2gLhvRtw9EmhpFCvpOF5FGFYWkL/ST+gfz69hnNrYiPnihxHFLr:CSY1w9EmSEF0YWkjST+gfujBd

Entry address:
0x243F2

Entry point:
E8, 69, 55, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 50, A8, 44, 00, 75, 02, F3, C3, E9, EB, 55, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, DE, 15, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 64, 5B, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, AB, 56, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, EA, 15, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...
 

Entropy:
6.2196

Code size:
226 KB (231,424 bytes)

Program Uninstaller
Program name:
SweetIM Bundle by SweetPacks

Display publisher:
SweetPacks LTD

Display version:
1.0.0.0

Uninstall string:
"C:\Program Files\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SweetIM Bundle by SweetPacks" "/linkurl=http://lp.sweetim.com/SweetPacksBundleUninstaller" "/sweettext=SweetIM (SweetIM for M


The file uninstaller.exe has been seen being distributed by the following URL.
