unins000.exe

Ideakee Inc

The application unins000.exe by Ideakee Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program RegistryNuke 2012 version 2.0.0.90 by RegistryNuke, Inc.
Publisher:
Ideakee Inc  (signed and verified)

Description:
Setup/Uninstall

Version:
51.1052.0.0

MD5:
f663280e25f24ce3eef345d329a32a01

SHA-1:
a5c14578c87008c7907a3c20ec837ed7b2500e73

SHA-256:
cbdd9ed9a6b64432e789b3f00eb9467294c7a8145a6a159b77713f477ce71241

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 2:26:03 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP (M) | 16.7.28.1

File size:
1.1 MB (1,173,184 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\registrynuke 2012\unins000.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/19/2012 2:00:00 AM

Valid to:
9/20/2013 1:59:59 AM

Subject:
CN=Ideakee Inc, O=Ideakee Inc, STREET="1104# Asphodel Pavilion,Hengxiang Garden 18 LIjiangRoad", L=Guilin, S=Guangxi, PostalCode=541004, C=CN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BCB072086DF6A3229C9893EE4873CDFA

File PE Metadata
Compilation timestamp:
3/17/2011 12:22:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Vh+EpSGP3ZEgRhuRKOODz6HY1SC9s6WcREFydry9u9Hx9gKG:Va+P6HpcTdnD3G

Entry address:
0xFAF7C

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 10, 94, 4F, 00, E8, AD, DF, F0, FF, 6A, EC, A1, 7C, ED, 4F, 00, 8B, 00, 8B, 98, 70, 01, 00, 00, 53, E8, 40, EE, F0, FF, 25, 7F, FF, FF, FF, 50, 6A, EC, A1, 7C, ED, 4F, 00, 53, E8, 95, F0, F0, FF, 33, C0, 55, 68, F7, AF, 4F, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, E8, E7, F0, FF, E8, 83, E1, FF, FF, A1, 48, 90, 4F, 00, 50, 68, AC, 90, 4F, 00, A1, 7C, ED, 4F, 00, 8B, 00, E8, 50, 0E, F8, FF, E8, D7, E1, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 19, E9, E4, 96, F0, FF...
 

Entropy:
6.4255

Developed / compiled with:
Microsoft Visual C++

Code size:
999 KB (1,022,976 bytes)

The file unins000.exe has been discovered within the following program.

RegistryNuke 2012 version 2.0.0.90  by RegistryNuke, Inc.
RegistryNuke 2012 is a registry utility whose purported purpose is to remove redundant items from the Windows registry.
www.RegistryNuke.com
About 1% of users remove it
 