» uninstaller.exe
Overview
Analysis
File Details
Behaviors (1)

uninstaller.exe

Shop Essentials

The application uninstaller.exe by Shop Essentials has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Discovery App by Discovery App.

File name:

uninstaller.exe

Publisher:

Shop Essentials (signed and verified)

Version:

2.0.5810.18695

MD5:

727f3018528b5c681e06f82c1ebc2c65

SHA-1:

f3f56bca64adc3b355119c51caa25156d8b8a7d2

SHA-256:

e04171665d259badf3f213f5ae973777280f52775fd630023dc5e631beed4bd0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 11:29:38 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Yontoo.ShopEssentials.Installer (M)

15.11.29.13

File size:

306.2 KB (313,560 bytes)

Product version:

2015.11.28

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Program Files\discovery app\uninstaller.exe

Digital Signature

Signed by:

Shop Essentials

Authority:

VeriSign, Inc.

Valid from:

9/25/2015 3:00:00 AM

Valid to:

9/25/2016 2:59:59 AM

Subject:

CN=Shop Essentials, O=Shop Essentials, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7BFC9C7493D9BD629846B6D4E43C48A2

File PE Metadata

Compilation timestamp:

6/5/2014 2:58:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:NQ36TsnM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2TB:FTsnM3D0Fw/tN8dkmLtpHHHrh7KB

Entry address:

0x31E4

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00... 
[+]

Entropy:

7.9385

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Program Uninstaller

Program name:

Discovery App

Display publisher:

Discovery App

Display version:

2.0.5810.18695

Uninstall string:

"C:\Program Files (x86)\Discovery App\uninstaller.exe"

Remove uninstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.