uninstallmanager.exe

Skytech

Hefei Zhimingxingtong Software&Technology Co., Ltd.

The application uninstallmanager.exe by Hefei Zhimingxingtong Software&Technology Co. has been detected as adware by 39 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Skytech Co., Ltd. (signed by Hefei Zhimingxingtong Software&Technology Co., Ltd.)

Product:
Skytech

Version:
5.0.2.361

MD5:
40d63f6ac85b1d709ff903039aae05c2

SHA-1:
95fa7e9eb4dc19331e61a819b698ab848d3fc57c

SHA-256:
d88d0f2d97a4069af6923d4601cc30f77fe7a6b8c2b75bdc77bc397f89cf66fb

Scanner detections:
39 / 68

Status:
Adware

Analysis date:
4/26/2024 12:48:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.SlugIn.A | 817 |
| Agnitum Outpost | Win32.Slugin.A | 7.1.1 |
| AhnLab V3 Security | Win32/Slugin.C | 2014.08.16 |
| Avira AntiVirus | W32/Slugin.A | 7.11.30.172 |
| avast! | Patched-HO [Trj] | 2014.9-141110 |
| AVG | Generic | 2015.0.3295 |
| Baidu Antivirus | Virus.Win32.Patched.$dj | 4.0.3.141110 |
| Bitdefender | Win32.SlugIn.A | 1.0.20.1570 |
| Bkav FE | W32.OlayFara.PE | 1.3.0.4959 |
| Clam AntiVirus | Trojan.Spy-59563 | 0.98/19284 |
| Comodo Security | TrojWare.Win32.Patched.P | 19209 |
| Dr.Web | Win32.Wplugin.1 | 9.0.1.0314 |
| Emsisoft Anti-Malware | Win32.SlugIn | 8.14.11.10.08 |
| ESET NOD32 | Win32/Slugin.A virus | 8.7.0.302.0 |
| Fortinet FortiGate | W32/Wplug.A | 11/10/2014 |
| F-Prot | W32/Slugin.B | v6.4.6.5.141 |
| F-Secure | Win32.SlugIn.A | 11.2014-10-11_2 |
| G Data | Win32.SlugIn | 14.11.24 |
| IKARUS anti.virus | Virus.Win32.Patched.HO | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13054 |
| Kaspersky | Virus.Win32.Slugin | 14.0.0.2968 |
| Malwarebytes | PUP.Optional.Skytech.A | v2014.11.10.08 |
| McAfee | W32/Wplugin | 5600.6951 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.3144.0 |
| MicroWorld eScan | Win32.SlugIn.A | 15.0.0.942 |
| NANO AntiVirus | Virus.Win32.Slugin.ddowbn | 0.28.2.61519 |
| nProtect | Win32.SlugIn.A | 14.08.14.01 |
| Panda Antivirus | W32/Wplugin.A | 14.11.10.08 |
| Qihoo 360 Security | Virus.Win32.Slugin.A | 1.0.0.1015 |
| Quick Heal | W32.Slugin.A | 11.14.14.00 |
| Reason Heuristics | PUP.HefeiZhimingxingtongSoftwareTechnologyCo.Q | 14.11.10.8 |
| Rising Antivirus | PE:Win32.Agent.ey!1474842 | 23.00.65.141108 |
| Sophos | W32/Slugin-A | 4.98 |
| Total Defense | Win32/Slugin.A | 37.0.11124 |
| Trend Micro House Call | PE_WPLUG.A | 7.2.314 |
| Trend Micro | PE_WPLUG.A | 10.465.10 |
| Vba32 AntiVirus | Trojan.Patched.dj | 3.12.26.3 |
| VIPRE Antivirus | Threat.4314870 | 32210 |
| ViRobot | Win32.Patched.N | 2011.4.7.4223 |

File size:
1.8 MB (1,861,272 bytes)

Product version:
5.0.2.361

Copyright:
Skytech Copyright (C) 2013

Original file name:
UninstallManager

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\19933417.zipdir\uninstallmanager.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/29/2013 7:07:05 AM

Valid to:
10/30/2014 7:07:05 AM

Subject:
CN="Hefei Zhimingxingtong Software&Technology Co., Ltd.", O="Hefei Zhimingxingtong Software&Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219E374B1001FFC6B983B5DE082D65401A

File PE Metadata
Compilation timestamp:
5/28/2014 6:48:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:xDHg7bmpPxIXN01OnzSXZN9VNUglhQPWJDvae9w0nLmR3ExsCC6yZQ60slZtgYoa:x6TyISJN9D9vBKxp0YtOf0JJyEl

Entry address:
0xFA3E7

Entry point:
E8, 6B, C5, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 64, 53, 55, 00, 6A, 01, A3, C4, 2B, 59, 00, E8, D3, C6, 00, 00, FF, 75, 08, E8, 2B, 5F, 00, 00, 83, 3D, C4, 2B, 59, 00, 00, 59, 59, 75, 08, 6A, 01, E8, B9, C6, 00, 00, 59, 68, 09, 04, 00, C0, E8, F9, 5E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, C6, B6, 04, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, A8, 29, 59, 00, 89, 0D, A4, 29, 59, 00, 89, 15, A0, 29, 59, 00, 89, 1D, 9C, 29, 59, 00, 89, 35, 98, 29, 59, 00, 89, 3D, 94...
 
Code size:
1.3 MB (1,391,616 bytes)
