» unins000.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

unins000.exe

Smart PC Solutions, Inc.

The application unins000.exe by Smart PC Solutions has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Smart Driver Updater v3.4 by Smart PC Solutions. While running, it connects to the Internet address mail.passwords.smartpctools.com on port 80 using the HTTP protocol.

File name:

unins000.exe

Publisher:

Smart PC Solutions, Inc. (signed and verified)

Description:

Setup/Uninstall

Version:

51.1052.0.0

MD5:

71ca2b46620ac3af730741d90cc95c1e

SHA-1:

9f66b8fa044ae8e439190a9a9a0e73f4d890fd4b

SHA-256:

1b2ca838ce2fbaf2c2bc0bff46c79bbbffb23c541649a189ced5d7f0491bf684

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/27/2024 4:31:28 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Installer.I

14.8.11.3

File size:

1.1 MB (1,177,888 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\smart driver updater\unins000.exe

Digital Signature

Signed by:

Smart PC Solutions, Inc.

Authority:

VeriSign, Inc.

Valid from:

4/3/2014 3:00:00 AM

Valid to:

7/3/2017 2:59:59 AM

Subject:

CN="Smart PC Solutions, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Smart PC Solutions, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

74ACA59709CEE75203B2332988708F43

File PE Metadata

Compilation timestamp:

10/13/2013 11:19:33 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:S4VN4kkKF3hDXq8xeidJLvktRskkkkJBcTgoALoyo52ZEdB+geBvxyxP:HT90D3D2wB4i

Entry address:

0xFF004

Entry point:

55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, B4, D1, 4F, 00, E8, 25, 9F, F0, FF, 6A, EC, A1, 08, 2E, 50, 00, 8B, 00, 8B, 98, 70, 01, 00, 00, 53, E8, B8, AD, F0, FF, 25, 7F, FF, FF, FF, 50, 6A, EC, A1, 08, 2E, 50, 00, 53, E8, 0D, B0, F0, FF, 33, C0, 55, 68, 7F, F0, 4F, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, 60, A7, F0, FF, E8, 9F, DE, FF, FF, A1, EC, CD, 4F, 00, 50, 68, 50, CE, 4F, 00, A1, 08, 2E, 50, 00, 8B, 00, E8, 48, CE, F7, FF, E8, F3, DE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 19, E9, 5C, 56, F0, FF... 
[+]

Entropy:

6.4105

Developed / compiled with:

Microsoft Visual C++

Code size:

1015 KB (1,039,360 bytes)

Program Uninstaller

Program name:

Smart Driver Updater v3.4

Display publisher:

Smart PC Solutions

Display version:

3.4

Uninstall string:

"C:\Program Files (x86)\Smart Driver Updater\unins000.exe"

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to mail.passwords.smartpctools.com (173.192.91.180:80)

Remove unins000.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.