ursoftsetup.exe

Your Uninstaller! 7

URSoft, Inc.

The application ursoftsetup.exe, “Your Uninstaller! 7 Setup” by URSoft, has been detected as a potentially unwanted program by 9 of 68 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The bundled software displays context-specific advertisements in the browser and attempts to change the browser's default search provider. The file has been seen downloaded from download.ursoftware.com and multiple other hosts.
Publisher:
URSoft, Inc.   (signed by URSoft, Inc.)

Product:
Your Uninstaller! 7

Description:
Your Uninstaller! 7 Setup

Version:
7.5.2013.2

MD5:
a213b780e47b46ddb5d410e608683625

SHA-1:
b952acf9367684e427ac34baec8a065ceafb89f4

SHA-256:
cf85ad3f0baaa1b3103ef3742bcfa085700094a2cc7fe01310f737758f2e604e

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/25/2024 1:12:09 PM UTC

Scan engine               Detection                          Engine version
Baidu Antivirus           Adware.Win32.Toolbar               4.0.3.131222
Bkav FE                   W32.Clod181.Trojan                 1.3.0.4613
Dr.Web                    Trojan.DownLoader10.19818          9.0.1.0356
ESET NOD32                Win32/Toolbar.Babylon (variant)    7.9178
Fortinet FortiGate        W32/MyPCBackup.A                   3/2/2014
F-Prot                    W32/Undefined.Threat               v6.4.7.1.166
K7 AntiVirus              Trojan                             13.174.10575
McAfee                    Artemis!DC5688A33D8F               5600.7203
Trend Micro House Call    TROJ_GEN.F47V0804                  7.2.356

File size:
7.7 MB (8,027,984 bytes)

Product version:
7.5.2013.2

Copyright:
Copyright © 1998-2012 URSoft, Inc.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ursoftsetup.exe

Digital Signature
Signed by:
URSoft, Inc.
Authority:
COMODO CA Limited

Valid from:
3/6/2012 2:00:00 AM

Valid to:
3/7/2015 1:59:59 AM  (expired at the time of analysis; an Authenticode signature remains trusted past this date only if it carries a timestamp countersignature made while the certificate was valid)

Subject:
CN="URSoft, Inc.", O="URSoft, Inc.", STREET=7241 W. Addison, L=Chicago, S=IL, PostalCode=60634, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D52C7CF5E69A633AC3AED0E78F988DC

File PE Metadata
Compilation timestamp:
12/25/2011 11:18:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:J/t7Hvar7lVyyptVoYiI5+JG5UuoRixAzFuE08:H7Pe7qynZUJG5Uu9ezFb08

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, B0, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, B0, D6, 41, 00, B2, 01...

Entropy:
7.9871

Developed / compiled with:
Microsoft Visual C++ (scanner heuristic; the linker version 2.25 and the entry-point prologue with the fs:[0] exception frame setup are characteristic of Borland Delphi rather than MSVC, so treat this field with caution)

Code size:
84 KB (86,016 bytes)
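The hashes, entropy and PE header fields listed in this report can be reproduced offline from the file itself. The script below is an added example, not code from URSoft or from the scanner that produced this page: it hashes a buffer and compares it with the digests quoted above, computes Shannon entropy (the 7.9871 reading is what a compressed self-extracting payload looks like), and reads the COFF/PE32 optional header fields (compile timestamp, linker version, code size, entry RVA, OS version, subsystem, presence of a certificate table) using only the standard library. The sample PE built by make_sample_pe() is constructed here to carry the report's header values; it is not the real ursoftsetup.exe and will not reproduce its hashes. The report's timestamp is assumed to be UTC.

```python
"""Offline PE triage: hashes, entropy and header fields (added example)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Digests quoted in the report for ursoftsetup.exe 7.5.2013.2.
REPORTED_HASHES = {
    "md5": "a213b780e47b46ddb5d410e608683625",
    "sha1": "b952acf9367684e427ac34baec8a065ceafb89f4",
    "sha256": "cf85ad3f0baaa1b3103ef3742bcfa085700094a2cc7fe01310f737758f2e604e",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the buffer as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every reported digest matches; one mismatch means this
    is not the analysed sample (or the IoC was transcribed wrongly)."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in reported.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0. Values near 8 indicate compressed or
    encrypted content, consistent with a self-extracting installer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and PE32 optional header fields the report lists.
    Offsets follow the PE/COFF specification; no third-party parser."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # Machine, NumberOfSections, TimeDateStamp
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                          # optional header follows 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 (32-bit) optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 (Security) at PE32 offset 96 + 4*8: non-zero size means
    # an Authenticode certificate table is present (not that it verifies).
    cert_off, cert_size = struct.unpack_from("<II", data, opt + 128)
    return {
        "machine": machine,
        "sections": nsections,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "has_certificate_table": cert_size != 0,
    }


def make_sample_pe() -> bytes:
    """Constructed minimal PE32 header carrying the report's values (not the
    real installer): built 2011-12-25 11:18:04 UTC (assumed UTC), linker 2.25,
    SizeOfCode 86016, entry RVA 0x16478, OS 5.0, GUI subsystem, cert table set."""
    ts = int(datetime(2011, 12, 25, 11, 18, 4, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 86016)
    struct.pack_into("<I", opt, 16, 0x16478)
    struct.pack_into("<HH", opt, 40, 5, 0)
    struct.pack_into("<H", opt, 68, 2)
    struct.pack_into("<II", opt, 128, 0x1000, 0x1800)  # hypothetical cert table entry
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = make_sample_pe()
    print("matches report hashes:", matches_report(sample))
    print("entropy:", round(shannon_entropy(sample), 4))
    for k, v in parse_pe_header(sample).items():
        print(f"{k}: {v}")
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to the three functions; a mismatch from matches_report() on a file named ursoftsetup.exe is itself a finding, since the sample hashed here is not the one the scanners classified.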

The file ursoftsetup.exe has been seen distributed from 2 URLs, including:

http://download.ursoftware.com/.../dl.php?pid=yu2012&nd=1&nocnet=1

Remove ursoftsetup.exe - Powered by Reason Core Security