UninstallTool.exe

Uninstall Tool

crystalidea.com

Publisher:
CrystalIDEA Software  (signed by crystalidea.com)

Product:
Uninstall Tool

Version:
3.1.1.5237

MD5:
c5a8178ef18c68340d19e549cf7b1830

SHA-1:
517d05d7900b71c7c72836ce3ba0292435d61079

SHA-256:
0361b5cb5536d5695b10313b6a04f086e7315aaa670eef6de51e971398124eb8

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
4/23/2024 11:35:25 PM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.TsCabk | 1.3.0.4613
Trend Micro House Call | TROJ_GEN.F47V0122 | 7.2.347
VIPRE Antivirus | Trojan.Crypt.Krap | 16396
ViRobot | Backdoor.Win32.A.Hupigon.3313656 | 2011.4.7.4223

File size:
3 MB (3,140,120 bytes)

Product version:
3.1.1.5237

Copyright:
Copyright (C) 2004-2012 CRYSTALIDEA Software

Original file name:
UninstallTool.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\microsoft\windows\start menu\programs\administrative tools\configuration cleaners\uninstalltool.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
1/19/2012 7:01:33 AM

Valid to:
1/18/2014 7:01:33 AM

Subject:
E=support@crystalidea.com, CN=crystalidea.com, O=crystalidea.com, C=PL

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
1DDC40D355C5DF7D3AF4E0D69A788359

File PE Metadata
Compilation timestamp:
3/31/2012 3:50:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:xAFR19uieZ7I5Dk5hYc5a3HAy6T0TyK0OiKn7:xAF90I5wn5aP/MK7

Entry address:
0x2EB209

Entry point:
E9, 1D, 9B, 00, 00, D9, 52, 74, CB, 87, E3, 97, 1B, B1, 0B, EE, 73, 5B, 29, 9F, F4, 38, F7, E5, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 96, 9A, C3, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, CC, 75, 62, 8B, 1E, 83, EE, FC, E9, E6, F7, 00, 00, E9, 89, 55, 00, 00, C1, EB, 15, F7, C0, 6A, 02, 61, 15, E9, 56, BC, FE, FF, E8, D6, 64, FF, FF, E9, C0, AA, FF, FF, E9, 2B, E1, FE, FF, C1, C6, 0F, 81, F7, DC, BF, 31, B9, 85, D3, E9, AD, F5, FE, FF, 89...
 

Entropy:
6.5486

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.7 MB (1,809,920 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to crystalidea.com  (173.230.144.164:443)
