uninst.exe

The executable uninst.exe has been detected as malware by 35 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Unlocker 1.9.1-x64 by Cedrick Collomb. The file has been seen being downloaded from download.lenovo.com and multiple other hosts.
MD5:
cdd9166cb5c720bec153625d00d15030

SHA-1:
0a0336a0cbc261ca5ee17d1d2a1274de42e5d087

SHA-256:
997f441095660e3b83d4a4bb8caaa34c86501031a434c8c39bb47aef72eb485a

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
11/24/2024 3:10:38 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Worm.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Gen
2013.10.26

Avira AntiVirus
W32/Tapin
7.11.109.114

avast!
Win32:Agent-AODJ [Trj]
2014.9-150318

AVG
Worm/Delf
2016.0.3166

Baidu Antivirus
Worm.Win32.Delf
4.0.3.15318

Bkav FE
W32.FakeExeYHPtv
1.3.0.4261

Clam AntiVirus
WIN.Virus.Gnamer
0.98/18155

Comodo Security
Worm.Win32.Delf.nj
17157

Dr.Web
Trojan.Inject1.28681
9.0.1.077

Emsisoft Anti-Malware
Worm.Generic.377772
8.15.03.18.06

ESET NOD32
Win32/Delf.NRJ
9.8967

Fortinet FortiGate
W32/Renamer.BQT!tr
3/18/2015

F-Prot
W32/Renamer.A.gen
v6.4.7.1.166

F-Secure
Worm.Generic.377772
11.2015-18-03_4

G Data
Worm.Generic.377772
15.3.22

IKARUS anti.virus
Virus.Win32.Renamer
t3scan.2.0.127

K7 AntiVirus
Trojan
13.173.9994

Kaspersky
Virus.Win32.Renamer
14.0.0.2326

McAfee
W32/Gnamer
5600.6822

Microsoft Security Essentials
Virus:Win32/Grenam.A
1.163.1557.3

MicroWorld eScan
Worm.Generic.377772
16.0.0.231

NANO AntiVirus
Trojan.Win32.Renamer.lnwkz
0.26.0.55532

Norman
Renamer.M
11.20150318

nProtect
Trojan/W32.Agent.534016.BS
13.10.25.03

Panda Antivirus
Suspicious file
15.03.18.06

Quick Heal
W32.Grenam.A
3.15.12.00

Rising Antivirus
Trojan.Win32.Renamer.g
23.00.65.15316

Sophos
Troj/Eloigne-L
4.94

SUPERAntiSpyware
Trojan.Agent/Gen-Soriam
9989

Total Defense
Win32/Tapi.D
37.0.10498

Trend Micro House Call
TROJ_AGENT_005249.TOMB
7.2.77

Trend Micro
TROJ_AGENT_005249.TOMB
10.465.18

Vba32 AntiVirus
Worm.Delf
3.12.24.3

VIPRE Antivirus
Virus.Win32.Grenam.a
22730

File size:
521.5 KB (534,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\unlocker\uninst.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ErMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9V4:2ZyCA8CBmn+RrNj9ay5I4

Entry address:
0x72814

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 14, 0E, 47, 00, E8, 43, 4A, F9, FF, 8B, 1D, 30, 53, 47, 00, 8B, 03, E8, 06, 60, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, 3B, 7D, FE, FF, 8B, 0D, 5C, 52, 47, 00, 8B, 03, 8B, 15, E0, 0A, 47, 00, E8, FC, 5F, FE, FF, 8B, 0D, 68, 53, 47, 00, 8B, 03, 8B, 15, 90, 05, 47, 00, E8, E9, 5F, FE, FF, 8B, 03, E8, 62, 60, FE, FF, 5B, E8, C0, 28, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5930

Developed / compiled with:
Microsoft Visual C++

Code size:
451 KB (461,824 bytes)

Program Uninstaller
Program name:
Unlocker 1.9.1-x64

Display publisher:
Cedrick Collomb

Display version:
1.9.1

Uninstall string:
C:\Program Files\Unlocker\uninst.exe


The file uninst.exe has been seen being distributed by the following 38 URLs.

https://download.lenovo.com/consumer/.../2xcs00ww.exe

http://www.capitaltowervaults.com/R7MZHEceXCy4a4mWEir3xvNVOdLaHJiyT0NkkxKwWSldU0W_bu73yEwVYQ7BlxRdMb_c95rT8ruaI d 1GEjRoiyxeQ5ASJ5xvXgJr8x7uiwg2xZWIngW8rjj7Q_nHnU3W mCfPafjV_iH0JpaALPz9wcaUIMiYNvJSU9z8mnlpV6PISghAzHQoQradhSX5kxMinJAi4URllqAVxaxu4bWRa0DVqroMcqftq5RicUxrN4GGA7gbrISGTizyhimkb5j7kv3yHM6TGvc897rWrwWoBam58QzgEJxbuUYQhBfk85oj6CMR0vXD3E_zPouKgLSgpR79L78jvNriSz 6ublDJ0ZhyDVTfs61wqytYwp1Welx5vK2xjHsuCMK9q4ZkoHiosofaDU_iNO00rGfs1Up gFOU XsJEH1gpNDr5L0HnWV1u3EOf8I0Jbu6YQdv83xi46ORffFdMbU42DCOEAF9yo0mIX8XRyFQJ4pdWLq fi5oETN7IitfbUyZmTWejfWe0FXRNvH1NEglHP3ph3DjfZrGoHpHmuO77EZIjYlKtin3f8WFJJXSPLXYOPs1OTXyZWRxXYnzlwSxnX9vta6Aed5B_ofM4gn5fAefH1pnEznvEGKoGELW3jEg0nHkvP7 O_1mZCgn2HVBnXnSIVMGSr3yBF6qADeupa_MtEKjOxsUH9LEWRVsCf3I3AEDeUzIYEWzSI0xOe9f3AWycBnjyu9O6q KaWQ4EDi3Iw9J X5aEG 1GqTsM3I66pUDv9j752mmzECqGEdfGywPHoOeZkyhMvmm_6zsXJVnTJIjsJ78Ln7jPmeUyRvhWMI_K4rArw87l2Yv5qkH6HdQpkZaWT7E1NfpD9HC7EkxDUk9tO630qM=-Gy0AAEQ3F5slGezSz9EFwR_D5eddCCUCLSS3DuTGa74Jz DR685Mk8LNYyhOF_0o

http://www.babylon.com/.../download.cgi?type=100

http://www.applicationmegavault.com/1cUE4pWxKzvp5rWt CTy7gYEGfWr_smSVkmn7VOpz9XVpBTB0EmMGBo2by0y1hxWjO8y64UybDf9K5lZEK5ST24bDxlcutIB9SrtJPGqDjrJiMB_YfXSmldGgNgejN0luvdxt5El4Qssfg10ZOIdXDXnu1k7Za9Sevqaljyuc_E_gixCIAgn5rzUiWuw9zpvnzsMLPb5OrCYTF2OwH28ZObUpMNqgdOZALwffiVxkQDyWZ1d_dwisrR3ml wRIh6sAxx_mzr8z78US9iy_4d0la4N7eDSNDfFvUYV4INh3f7KVCnB3ftRLR4k7M4UqzsYa0pesyw7BIRcJAthCRYPwYeg81gi6d5GM4czkMTi4ML3EII_WRNqqG_iU_XCKlr3y5LqERTQkI1hWXR2nDo7RsdqHWBTjL oam4pW5cY4Qnxki3mEgK3GtK1tYdhZpxwfcC8EPercZW3KEknOzRLHonUlTzEg==-G1UAAMTaOU7Psn3MBqNBJ1fyQuGUA_ZWkbQ1D4AOB4 h57EUB70xxndYbLJ2An7JY6N0u2eJTjlw MfrBjKVgdoSk8MH-e

http://www.capitalheartlaboratory.com/2nL40_KNYX6CbfQr fK uBgZbRN_Kngb2UyeaFxUgtTERxw5cMZhEh2U5jEp1O2IxvxQ 3Ct9xwT20o3qPMS9LxZEm1nld2yfTX8CGea UejqBbB6v2PFZabJVp1AIZ9RTqtG1d5mt7Rt gx_HkZJ0vWKM3WNBSZ4jwX_Ull2Y8uweeagcg3VDqTuIfdMi3XQFh9eQWx_TTyn6u8epVn4bv H0PY9Etlcx3UY n2iB4hw_JZypq9bxm6l9_qZHsUQPBxi0a6Y7Pct9R iKNmIF8LZ8rimQAMnkO06l0u4 1U3s2b3i9oauV4rSBnU_fVUhBPuiIuRLgv5bLru5fHQRVeQapbeSalRyTGnQjF6KdpV45jjytv_A6C0eFbDmii8vF44o72KBrVXyQ5sSu3c tvpLbjf_R6 Fii36OIoozaXEUn2fifpch8_YQYXgARubd0diSd-GzwAAMQphxYEHSkIvm_RwSEHDu1BoIElEOyAjdkVB298m_ZKKByMQBMTKqr6Bn4D-e

http://www.capitalheartlaboratory.com/PiMrFOy6rYwFC04ITIGYaWOwPJaei14rylXSonc2wObZ6LtDJBBGd9uyoz8D3QUy59OomyipBl5JfjlhbvM3pTSEPhmweDmRHHbzSvpKmP_nNXvR3Uce7AWZ3S0rrX 64NJCZ54zuQO1T YnSHp2eXVzUZ7sRfoepnXqLs8dwLJxq2rLFNTJZTbKyu0tm3BhyZd6jn5HGrThqYiYX9Y2YXpU2AsBuFXWK7PVb98R2q_n634DJ MwM56dyq3rMPSaNxF P5MspKcMVzdj TyVpUZks0YO1QgOQkoHsSqjYDcUnjn2M4mCP2nfbNfHOWLgAlvAhsJlbufNEnkkCuwmkoqK9k2w2FXeQVme5x0pAlcljtfnJuUz6zy27hU_o4nIQhQbfD3ksag3kOVo58cYLB2DGfFUYcdSv2a EImrQFZe39NvDfk_zjO4YUABshy_ HxBnxVaBYHOB IhwJPwO0HNxplbhA==-G18AAGRwXmwD83Y1oQJyyqEGwG1BHFjzFI54cBwefySxSG9M MTlWcECi6meJ6SgsCEXXO15Qecs9n6orugZ7ian0HKhEb7MUGV QfM3-e

http://www.capitalheartlaboratory.com/G0SrhVRKu5L0VGs1VMy1SQqvK9449WA373qs90y5Of e_VBxdSr7vCKfI3UsQLDESqo9guv9USaX3sXrzrlhvh_Ta9u8SPzJFQn_O5cCbqPuYyyBrPAk99_gICFe432jjJEFSSiI2 vNvyIr1YR aVnhNSpEQQyb5lWIoIHQZr7DcfPSz2DKN5oS3bwbVD7r0hy8lOXhgKbiKRx4mngJSzt3smFzw0L2RcrBhplSTxKTnYIf3tC6QtomN sTecH8_PAnzkP3hKvGrosq48L1lMZE0drbzsc8yqVjscrBclJVr3HaF0x2diC6yHuwSIMOO4arLVQqUIV2yp_F3qx3qO_MevfS9_4lcMJcx73L DK9jv5wBzZYyaToVRQc8fjL74sRg_BPCJ9aPzMuI1nqgkvoFODxrFU1UDhD38PaLJzAqsphnc0j8kqPSON01lg9Un0hcuFc-GzwAAMQphxYEHSkIvm_RwSEHDu1BoIElEOyAjdkVB298m_ZKKByMQBMTKqr6Bn4D-e

http://z.getfile134.com/ex/d?z=1872&name=InjectedSetup&file=http://.../InjectedSetup.15.8.Fix.1.exe

http://files.downloadnow.com/s/software/13/48/20/.../FishSchool4994cn.exe

http://cp.z3x-team.com/.../latest_shell.exe

http://support.ricoh.com/bb/pub_e/dr_ut_e/0001265/0001265045/.../r65846en.exe

http://www.capitalheartlaboratory.com/obX_W0R qyeQqR3zwL0H5Rn BRJFTdAcsdTPnrAuYkXJh1ci804FIbbhxy9GqO 6SxUGYgHIKAztGfu7_tmIvGjYdBq_ZHiIpmy_gYGYnjoxp9R4X2pHVCMaEzMxJGQ2nP5XbVqZO41MXBmikj_IgJ_jiKfxaV1LUSQ5 QrbqVwNLa_44dN3dlYVPqeNLXFH9Di8lIf682ByMoN0vGaVkzwOjI028_sJ7o5Z6w6rLUEMqrnJ0NHCs_yOqObinlz2RSvE9rD6B PJLbFhAGuIj3hSTXgZQBplHUVlgrM4Ul4ReCIumHmN8bufp4zw7OiAAHf2plyN zAQ4gBkYXCrRJgNlDVPCW0LgApRAZUHYiIHzj36XgS_jB24LCo7VBuFLRCDnnhuWi8arJ6OwvgftXDv39g4W1mWdvmPrmWSczeetubs00BSlFg8_OMyZDoudnAnnAl-G0IAAES3eV5TJno gVdH0YhyygF7LQosjuLTYWNsfK8U3bTGKFBMOxfLh4rHmRWkQnccCwxvnSn EEXr3w==-e

http://www.mediafire.com/file/.../ino_setup.exe

http://www.arcai.com/.../netcut.exe

http://www.capitaltowervaults.com/ncq3xGPd_WJJP6qXVx6XzppuwFrU_HY9e6KSrEenBrxbveC02j1ZX5MyrWCKajUKiEHBUJ ssl4fUyV VqBzshi5JcqjA8j_FiO7yOZheo9NsUVNECv9vRMQh0wBQe42lUZHdMTdas5XVNNKG7QwwhClSahhaNTezE3TWuw0WX6dX2U8V3HtYldONdy5eF12pt jnSwYNv_ sfp4gmpOJXCI189nxpEJJsQmt3jn6K9nN3zmZb4tQwFZV9u1cHBBrf5MmHEkDsz WeB7nkyuD2G_wv98ZBZ8aDcTHlYWNIDv HjpsJGPWl5iWKkHWh8zl_2f7_ZkhgkQ3Xx7Dn7dxoGUvGw _y_RRMiTjclNXwZeb9qPEh3_fwky6uwNeD2bmdDcoSO7b_0rEQRp9qSPg86yEVDpvVCZv4N5Q5EBbE UWZtq1FJwkTEdSbCOrFNv7uFUXYpytkK5mroG4Bd9H2dEbdWQcl1ZfJbWsm BHncL7eMqmM3uihM_ Iijg8WlycBeiQiYYMZNEfsUESCOZAIqNI9VHkccNa9cEXcb4ROzR96tEH_CmkMe91XKJt4Bs55Y6_7pZLbL6N0P6S5P62kjsNDus0yP j_LFLIQpgMmAGdeggegTZdzqxlcuHymt5S4tXoUS NLS2m2hwvUYkIkcZGvBpx6iKRY97wPel7MmhShCck4G5ao6auM7WSsTFqJY4M9YUMeMdwVUosKZoDso4xr35DRBJQSiIlr9otqW1v10GeHRoe1BKdC3lNYvj hXcP5PfAHmMpEvupy7QH_EIkThVEOQtnLn89CdjXmIEzGTffvFYc5kyZmfchp4YRHh3iBkfkLHhC7XqYBt95RIRczBMkKhblq8OpKpMpmnwsEswDdJ0NTgfz1g5UlwYqza6fpyg64b1lQjrWvqMMy2QYDzvGtTpFwluAxiH1WiFEEI2j4SToaoKupeQPYwNOy03

http://www.contentrepositorycurrent.com/ZZ_pf1VB_6GXctFn_6G9QMeUtRMoCh0K3iRLg_MTQ6c6hzjnApmWAsiG3ANjt6LDd_38sqdOIuWwjgxbGzOALcIGvzI1_qBvTFk6lATOc0LozF1qgFjQQc69R9M F7aCFo0drzjI8qMsI378yLi496Dqit1BBl6n9P6TyaFoDbEYXcyDUZ7jksI EuOJcnUmiyD1tkVgpJvhtw5FR2KLCEnxhuznGavOFEUzdzrDwOewM09 E9hLyuWzonZqdu4UT98XuGF_T0g3yJ8cyowGU659Fa3quMRXRcLOfXnYq50wA2EhJZUqpI7xrPMSC1gu1yfNCyBq9SErK9FW8KND93Z2Ab3QLOV4WUlb3nAuC3CFvmijvM8io40FUi8C8y6fW6lkdO1P0BfqrdS2FUKKeIPIw86c3X_elyhZnqdumhDHgF8sxijNGv1y08AzE85TKaMLCKg8NNa_h1A cy9U5Rad78BaTI5fc SsIAVXuy0HdQi SkS_AqJfN3120azLFUGmvRH2SSsgVA_naEsrc54fIcykv1M4jKkFuRjtAmGmKmDZAYOmKUL1_qfPApdUVv0P9S 8b5yzeQ_scipI2LEGJ 7YnKkTn9fSiS0Ecs58j8AcOXIZ0o1JMfShmR4s4PFkdRgRL2X8dvkOEqTMagRHeFsaqH7T9Wq41IfEtnk75GgOmranUotuYalt3gvWBqZZqtuIHXRVfgzJXoo 0IXVBzbMgc3V8QvhWEKVGOQwHcCQSTUuv0AbDCTrWWTKntVxrT8m0o pRnndeiiYA2I3Iwjw87Z_qr74J SPvu0Jyya9qmT4XASIUoEnSoazW__xHBGV-Gy4AAEQ3F5slGeyny9EFwR_D5eddCCcCLSS3DuTGa74Jz DR685Mk8IaPXTgdNGPAg==

http://d.kgroot.com/android_root.exe

http://www.giftchuckleflash.com/N97VtNE1DLFufQTnTDvI1xSCP3tcnrs3Ikg86RjHbnHi8Uxh7uAZsRMMwMRCT38D7vRhYLOROwHAwKeYROvERV3jOC3qfzfihifw1sychC8aXNcERCpTvZghvGklFYTIlRqplKr2RMnfQtPiq9uSP50AfcKTBR03CLXZr 9iAOp_vfZqa Ee3vInQ6anVPPnK sakmqk-G1IAAGRgnq2tCczUBdiAA5eIAg0HszvbuI_z83ldAnyh5Twv_W60ZQ43x_H7gemf0PAd5MdTvP9WBFP_mG8 mEq9uUvjIckEDCJK0BhKEjiDAA==

http://149.202.85.216/bukhari/.../BukhariPedia_allbooks_allpdf.exe

http://www.capitalheartlaboratory.com/xektsPIg3ORLo_sDnXfwrLnYAjECdQV0Sx_qjjni1vvz0rZ jav7fNBGFPkocgtw35 8N9Z _pM6WKVZi56mk06BC_nkn9IXrb8tuUUd37oWT3K7Il71CocCW6yPeJBwCjuM52AQxeKq ow1athorbIkNQMeJQK5HXkXSg3ZNFK7bObEwdVLK0yCwh92sRfdtcUF8AlvKloz2ixHASv lMWOh9hXLiDVSJ1qO0kR277SlwZNjxcjMPUq1Hib1R4XDJKGzSc_aqM14qn6uUV7bKRVSP_7hDJ__EOpSRvYNjAg5WH DdbKhr4bnzw82AcEJtg_B5A SymJMGv_Qo8DLSQwnB7cNyu6idGnvBvrKwYuW F4uF12ZjiTTBL09Ld0DHzPhk_A6D9 03zjErJnxhtXxcTQblb6g6QgDahnATQ7Iqxn6fUaSo5Wd KBH6U 8oUbfvk6eN6DkbmYZb8g8uvsE3bQA==-G00AAETdFtP H7ytGyaIIsKKTjlgr0UtkAS_0_EeY PziGxaYxSoppeL5YcWl2eLKhQIfA4IzE1kh4SC3LnuOMZP-e

Latest 30 of 38 download URLs

Remove uninst.exe - Powered by Reason Core Security