» UninstallTool.exe
Overview
Analysis
File Details
Programs (1)
Network (1)

UninstallTool.exe

Uninstall Tool

crystalidea.com

This file is installed with the program Uninstall Tool.

File name:

UninstallTool.exe

Publisher:

CrystalIDEA Software (signed by crystalidea.com)

Product:

Uninstall Tool

Version:

3.2.2.5289

MD5:

5fbc4b6f4cdbcdcd2d6ab42cf66c8f2b

SHA-1:

6fd51d19f29e26364f87bd73220542848621f31c

SHA-256:

744253c9480d16af1d19e0f94a62f6bcf124ffb4d8b82ba4e49107cd58117f8a

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/18/2024 1:25:27 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.TsCabk

1.3.0.4959

Trend Micro House Call

TROJ_GEN.F47V0122

7.2.80

ViRobot

Backdoor.Win32.A.DarkKomet.3270800

2011.4.7.4223

File size:

3.1 MB (3,270,800 bytes)

Product version:

3.2.2.5289

Original file name:

UninstallTool.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\uninstall tool\uninstalltool.exe

Digital Signature

Signed by:

crystalidea.com

Authority:

Unizeto Technologies S.A.

Valid from:

1/19/2012 3:01:33 PM

Valid to:

1/18/2014 3:01:33 PM

Subject:

E=support@crystalidea.com, CN=crystalidea.com, O=crystalidea.com, C=PL

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

1DDC40D355C5DF7D3AF4E0D69A788359

File PE Metadata

Compilation timestamp:

12/26/2012 10:55:03 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:Rbzwl2UmuOsWxpUoLRaZNGH+LXnigP3KT/IoAK86hfRp1JwKv:t8HApNdaHGoHP8P3HDwa

Entry address:

0x31FD03

Entry point:

E9, 7C, BB, FB, FF, 79, 8D, 80, 28, 9B, 06, 42, 8D, 4C, 4A, A7, B9, 77, 79, 8D, 17, C0, 77, AF, 83, EC, 0C, 53, 56, 57, E8, 24, 02, 00, E8, 56, F5, FF, FF, EB, ED, 32, BC, 11, 07, 70, F5, E9, B8, DE, FD, FF, 8B, 45, FC, E8, C8, 3C, FD, FF, E9, 5F, 32, FF, FF, C1, E9, 1E, 33, F8, E9, 6F, 73, FE, FF, 68, 85, 52, BC, 56, 58, C1, C0, 02, 81, E0, 29, 3D, BD, 4A, 81, F0, B5, E5, 02, 3B, 03, C5, E9, 7C, E8, FF, FF, 81, F2, 88, E7, D8, 39, E8, 5A, 76, FB, FF, CE, E8, 2C, 72, 0F, 07, 10, 1B, 03, 15, 40, E8, 70, 00... 
[+]

Entropy:

6.5575

Packer / compiler:

Xtreme-Protector v1.05

Code size:

1.8 MB (1,894,400 bytes)

The file UninstallTool.exe has been discovered within the following programs.

Uninstall Tool by CrystalIdea Software, Inc.

Publisher's description - “Uninstaller that works with lightning speed, performs complete removal of software and manages programs that run at system startup.”

www.crystalidea.com

22% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to crystalidea.com (173.230.144.164:80)

Scan UninstallTool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.