» uncheckitupdate.exe
Overview
Analysis
File Details
Behaviors (1)

uncheckitupdate.exe

Uncheckit Module

EVANGEL TECHNOLOGY(HK) LIMITED

The application uncheckitupdate.exe by EVANGEL TECHNOLOGY(HK) LIMITED has been detected as a potentially unwanted program by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named UncheckitUpdateTaskC triggered daily at a specified time.

File name:

uncheckitupdate.exe

Publisher:

EVANGEL TECHNOLOGY (HK) LIMITED (signed by EVANGEL TECHNOLOGY(HK) LIMITED)

Product:

Uncheckit Module

Description:

Uncheckit update

Version:

2.0.8.25888

MD5:

32b2d90ec1823b06e6c3960069f62bec

SHA-1:

99106b314bc7316da90b4e5c1eb0b072c87327fc

SHA-256:

e2cf2d34bd683f4da94d1facf203d8560229768570a95e0e661fe05300b6c133

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

11/25/2024 3:44:41 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Pioneer-C

160414-2

AVG

Win32/Floxif.A

2015.0.4568

Dr.Web

Adware.Mutabaha.1349, Win32.FloodFix.7

9.0.1.05190

Emsisoft Anti-Malware

Win32.Floxif

11.5.0.6191

ESET NOD32

Win32/Floxif.H virus

8.0.319.0

F-Prot

W32/Floxif.B

4.6.5.141

F-Secure

Win32.Floxif.A

5.15.96

Kaspersky

Virus.Win32.Pioneer

15.0.0.562

McAfee

Trojan.Dropper-FIY!32B2D90EC182

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.730.0

Norman

Win32.Floxif.A

28.05.2016 15:32:18

Sophos

Virus 'W32/Floxif-C'

5.23

File size:

262.3 KB (268,583 bytes)

Product version:

2.0.8.25888

Original file name:

Update.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\uncheckit\uncheckitupdate.exe

Digital Signature

Signed by:

EVANGEL TECHNOLOGY(HK) LIMITED

Authority:

GlobalSign nv-sa

Valid from:

5/31/2016 9:09:28 AM

Valid to:

11/26/2016 3:27:12 PM

Subject:

CN=EVANGEL TECHNOLOGY(HK) LIMITED, O=EVANGEL TECHNOLOGY(HK) LIMITED, L=香港, S=香港, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B2DF1544455F939E5B47B0797027BA42

File PE Metadata

Compilation timestamp:

5/31/2016 9:17:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:xy+eJ0i+gxixKlmPvozEpBV+UdvrEFp7hKk:xy+ej+gMLoaBjvrEH7L

Entry address:

0x18936

Entry point:

E9, 75, 11, FF, FF, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 84, D0, 41, 00, 6A, 01, A3, 24, 9B, 42, 00, E8, 9D, 06, 00, 00, FF, 75, 08, E8, 9B, 06, 00, 00, 83, 3D, 24, 9B, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 83, 06, 00, 00, 59, 68, 09, 04, 00, C0, E8, 84, 06, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 23, 17, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 08, 99, 42, 00, 89, 0D, 04, 99, 42, 00, 89, 15, 00, 99, 42, 00, 89, 1D, FC, 98, 42, 00, 89, 35, F8, 98, 42, 00, 89, 3D, F4... 
[+]

Entropy:

6.7793

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

109.5 KB (112,128 bytes)

Scheduled Task

Task name:

UncheckitUpdateTaskC

Trigger:

Daily (Runs daily at 6:45 PM)

Description:

Uncheckit Update Task

Remove uncheckitupdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.