unins000.exe

Trusted Software ApS

The application unins000.exe by Trusted Software ApS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the BundleInstaller installer. This is the uninstaller utility registered in the Windows Control Panel for the program File Type Assistant by Trusted Software. Additionally, the file is typically installed by a number of programs including Trusted Software Assistant by Trusted Software and File Type Assistant by Trusted Software, both potentially unwanted software.
Publisher:
Trusted Software ApS  (signed and verified)

Description:
Setup/Uninstall

Version:
51.52.0.0

MD5:
6b741cb59f745ae8f8785717207c0d9c

SHA-1:
225e53adf9bac0e9274ae07919940a27163e414f

SHA-256:
778c35bd91bb5bfbfa295d682388ed5e4866008b7a7372fece46fbd30adf9d47

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 12:09:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.TrustedSoftware.I
14.8.8.1

File size:
691.7 KB (708,320 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
BundleInstaller

Language:
Language Neutral

Common path:
C:\Program Files\file type assistant\unins000.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
11/12/2010 3:30:00 AM

Valid to:
11/12/2013 3:29:59 AM

Subject:
CN=Trusted Software ApS, O=Trusted Software ApS, STREET=Blomsterhaven 42, L=Holbaek, S=n/a, PostalCode=4300, C=DK

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
1DA7007608C324C640CE3FBCC9418735

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:HRObekMtkfohrPUs37uzHnA6zg5cItMpAHERI/rNkQRwW/6FXzb0ZDExyc6:xObekYkfohrP337uzHnA6cHiiHEVVg6K

Entry address:
0x9706C

Entry point:
55, 8B, EC, 83, C4, F4, 53, 56, 57, E8, CA, C2, F6, FF, E8, 21, E6, F6, FF, E8, B0, F2, F6, FF, E8, CB, 28, F7, FF, E8, FA, 2A, F7, FF, E8, D1, 98, F7, FF, E8, 44, 99, F7, FF, E8, 9B, B8, F7, FF, E8, AE, 1F, F8, FF, E8, A9, DE, F8, FF, E8, D0, 84, F9, FF, E8, B7, 97, F9, FF, E8, E2, 7E, FB, FF, E8, 85, 83, FB, FF, E8, 98, 9D, FB, FF, E8, 8B, B7, FB, FF, E8, E2, F1, FB, FF, E8, E1, 00, FC, FF, E8, 1C, 19, FC, FF, E8, 43, CC, FC, FF, E8, 46, 4D, FD, FF, E8, E5, 05, FE, FF, E8, 0C, B2, FE, FF, E8, 27, CF, FF...
 
[+]

Entropy:
6.5098

Developed / compiled with:
Microsoft Visual C++

Code size:
601 KB (615,424 bytes)

2 Program Uninstaller
Program name:
File Type Assistant

Display publisher:
Trusted Software

Display version:
2014.3.4.0

Uninstall string:
"C:\Program Files (x86)\File Type Assistant\unins000.exe"

Program name:
FTA

Display version:
2014.12.2.0

Uninstall string:
"C:\Program Files\File Type Assistant\unins000.exe"


The file unins000.exe has been discovered within the following programs.

File Type Assistant  by Trusted Software
File Type Assistant is typically bundled by various 3rd party software through modified installers of generally free open source software using the InstallIQ downloader.
www.trustedsoftware.com/utility-software/free-file-viewer.html
74% remove it
Trusted Software Assistant  by Trusted Software
www.trustedsoftware.com
83% remove it
Unknown File Assistant  by Trusted Software
Publisher's description - “Your download and software installation is managed by InstallIQ.”
72% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to file.org  (66.39.64.146:80)

Remove unins000.exe - Powered by Reason Core Security