» unins000.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (3)
Network (1)

unins000.exe

Trusted Software ApS

The application unins000.exe by Trusted Software ApS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the BundleInstaller installer. This is the uninstaller utility registered in the Windows Control Panel for the program File Type Assistant by Trusted Software. Additionally, the file is typically installed by a number of programs including Trusted Software Assistant by Trusted Software and File Type Assistant by Trusted Software, both potentially unwanted software.

File name:

unins000.exe

Publisher:

Trusted Software ApS (signed and verified)

Description:

Setup/Uninstall

Version:

51.52.0.0

MD5:

6b741cb59f745ae8f8785717207c0d9c

SHA-1:

225e53adf9bac0e9274ae07919940a27163e414f

SHA-256:

778c35bd91bb5bfbfa295d682388ed5e4866008b7a7372fece46fbd30adf9d47

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/15/2024 5:19:18 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.TrustedSoftware.I

14.8.8.1

File size:

691.7 KB (708,320 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

BundleInstaller

Language:

Language Neutral

Common path:

C:\Program Files\file type assistant\unins000.exe

Digital Signature

Signed by:

Trusted Software ApS

Authority:

The USERTRUST Network

Valid from:

11/12/2010 3:30:00 AM

Valid to:

11/12/2013 3:29:59 AM

Subject:

CN=Trusted Software ApS, O=Trusted Software ApS, STREET=Blomsterhaven 42, L=Holbaek, S=n/a, PostalCode=4300, C=DK

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

1DA7007608C324C640CE3FBCC9418735

File PE Metadata

Compilation timestamp:

6/20/1992 2:52:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:HRObekMtkfohrPUs37uzHnA6zg5cItMpAHERI/rNkQRwW/6FXzb0ZDExyc6:xObekYkfohrP337uzHnA6cHiiHEVVg6K

Entry address:

0x9706C

Entry point:

55, 8B, EC, 83, C4, F4, 53, 56, 57, E8, CA, C2, F6, FF, E8, 21, E6, F6, FF, E8, B0, F2, F6, FF, E8, CB, 28, F7, FF, E8, FA, 2A, F7, FF, E8, D1, 98, F7, FF, E8, 44, 99, F7, FF, E8, 9B, B8, F7, FF, E8, AE, 1F, F8, FF, E8, A9, DE, F8, FF, E8, D0, 84, F9, FF, E8, B7, 97, F9, FF, E8, E2, 7E, FB, FF, E8, 85, 83, FB, FF, E8, 98, 9D, FB, FF, E8, 8B, B7, FB, FF, E8, E2, F1, FB, FF, E8, E1, 00, FC, FF, E8, 1C, 19, FC, FF, E8, 43, CC, FC, FF, E8, 46, 4D, FD, FF, E8, E5, 05, FE, FF, E8, 0C, B2, FE, FF, E8, 27, CF, FF... 
[+]

Entropy:

6.5098

Developed / compiled with:

Microsoft Visual C++

Code size:

601 KB (615,424 bytes)

2 Program Uninstaller

Program name:

File Type Assistant

Display publisher:

Trusted Software

Display version:

2014.3.4.0

Uninstall string:

"C:\Program Files (x86)\File Type Assistant\unins000.exe"

Program name:

FTA

Display version:

2014.12.2.0

Uninstall string:

"C:\Program Files\File Type Assistant\unins000.exe"

The file unins000.exe has been discovered within the following programs.

File Type Assistant by Trusted Software

File Type Assistant is typically bundled by various 3rd party software through modified installers of generally free open source software using the InstallIQ downloader.

www.trustedsoftware.com/utility-software/free-file-viewer.html

74% remove it

Trusted Software Assistant by Trusted Software

www.trustedsoftware.com

83% remove it

Unknown File Assistant by Trusted Software

Publisher's description - “Your download and software installation is managed by InstallIQ.”

72% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to file.org (66.39.64.146:80)

Remove unins000.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.