home

remove.exe

Visan Industries

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program HP Photo Creations by HP.
Publisher:
Visan Industries  (signed and verified)

MD5:
6e5c6df376346f5fd9f822e2b454999a

SHA-1:
58d7b3a848de32c6ecd87e26b93b98ee5a4bf91b

SHA-256:
f361654e4d6cb0d12ffec72ba20e23dcbe3c74325930ddee8e65ade98678b360

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 8:22:01 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Sality
160917-0

File size:
142.4 KB (145,832 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\hp photo creations\remove.exe

Digital Signature
Signed by:
Visan Industries

Authority:
Thawte, Inc.

Valid from:
7/11/2014 12:00:00 AM

Valid to:
9/17/2015 11:59:59 PM

Subject:
CN=Visan Industries, OU=SECURE APPLICATION DEVELOPMENT, O=Visan Industries, L=Folsom, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
17AED194A417BC79B175CAE316DF75BA

File PE Metadata
Compilation timestamp:
4/10/2010 12:19:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:jiszWOITsEL50jl7yj0rnHT5odkijaTXDM+ttwKqEm:tzZZf5wcM+LwKg

Entry address:
0x3415

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
26 KB (26,624 bytes)

Program Uninstaller
Program name:
HP Photo Creations

Display publisher:
HP

Display version:
1.0.0.17422

Uninstall string:
"C:\users\{user}\appdata\roaming\hp photo creations\remove.exe"


Scan remove.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.