» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

The executable uninstall.exe has been detected as malware by 35 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program uTorrent. This virus which infects .exe files stops various security software and prevents some core Windows utilities from running. It also tries to download other files from a remote server, including other malware.

File name:

uninstall.exe

MD5:

a0f541b7cd4578fdbdfc57e32e0e7254

SHA-1:

1d3341735eabc33b9cb596065d34e1f7293b1ae4

SHA-256:

e64955a92651adf29795c5d4d93491258b7744ff503e9ac563b743c805584b8c

Scanner detections:

35 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

5/2/2024 10:31:04 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

-40

AhnLab V3 Security

Win32/Kashu.E

3.8.3.16

Avira AntiVirus

W32/Sality.AG

8.3.3.4

Arcabit

Win32.Sality.3

1.0.0.802

avast!

Win32:Kukacka

2014.9-170315

AVG

Win32/Sality

2018.0.2438

Baidu Antivirus

Win32.Virus.Sality

4.0.3.17315

Bitdefender

Win32.Sality.3

1.0.20.370

Bkav FE

W32.Sality.PE

1.3.0.8876

Comodo Security

Virus.Win32.Sality.gen

26759

Dr.Web

Win32.Sector.30

9.0.1.074

Emsisoft Anti-Malware

Win32.Sality

8.17.03.15.05

ESET NOD32

Win32/Sality.NBA

11.15092

F-Prot

W32/Sality.gen2

v6.4.7.1.166

F-Secure

Win32.Sality.3

11.2017-15-03_4

G Data

Win32.Virus.Sality

17.3.A:25.11192B:25.9090

IKARUS anti.virus

Virus.Win32.Sality

0.2.1.2

K7 AntiVirus

Virus

13.10.6.22727

Kaspersky

Virus.Win32.Sality

14.0.0.-1314

McAfee

W32/Sality.gen.z

5600.6094

Microsoft Security Essentials

Virus:Win32/Sality.AT

1.1.13504.0

MicroWorld eScan

Win32.Sality.3

18.0.0.222

NANO AntiVirus

Virus.Win32.Sality.yusp

1.0.70.15657

nProtect

Virus/W32.Sality.D

17.03.15.02

Panda Antivirus

W32/Sality.AA

17.03.15.05

Qihoo 360 Security

Virus.Win32.Sality.I

1.0.0.1120

Quick Heal

W32.Sality.U

3.17.14.00

Rising Antivirus

Virus.Sality!1.A5BD (classic)

23.00.65.17313

Sophos

Mal/Sality-D

4.98

Total Defense

Win32/Sality.AA

37.1.62.1

Trend Micro

PE_SALITY.RL

10.465.15

Vba32 AntiVirus

Virus.Win32.Sality.bakb

3.12.26.4

VIPRE Antivirus

Virus.Win32.Sality.at

56666

ViRobot

Win32.Sality.Gen.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Sality.Win32.25

2.0.0.3232

File size:

128.4 KB (131,491 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\utorrent\uninstall.exe

File PE Metadata

Compilation timestamp:

8/5/2015 3:46:27 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x3217

Entry point:

60, 0C, 5A, 0F, BF, F7, 20, E2, 0F, BE, ED, 3D, 6E, 59, 8C, E8, 8B, FB, 0F, AF, C7, 81, D3, 43, 3B, 95, E7, 68, 70, B2, D5, 00, 8A, FB, 28, C9, F3, E8, 1F, 00, 00, 00, 69, D9, 89, 0C, B3, 94, 0F, BE, F7, 22, C2, FF, C7, F3, 81, C2, 5D, 9E, 00, 00, 0F, AF, CB, 08, C4, 69, C7, 67, 7A, 84, EA, 87, DB, BB, C3, 55, 69, 4C, 8D, 3D, B2, 14, 7B, 95, F7, C7, 68, 32, 67, 0F, 25, 91, B1, 92, BF, 31, DE, 0F, B6, D8, 05, 2C, 40, D6, 23, 81, FD, DE, DC, 00, 00, 5D, F2, 8D, 15, 55, 49, DE, 7B, C6, C6, B9, BF, 64, F3, 39... 
[+]

Entropy:

7.6870

Code size:

23.5 KB (24,064 bytes)

Program Uninstaller

Program name:

uTorrent

Uninstall string:

"C:\Program Files\uTorrent\uninstall.exe"

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.