uninst.exe

ITEA LLC

The application uninst.exe by ITEA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program HpDef. The file has been seen being downloaded from dysy.storial.ru.

Publisher:
ITEA LLC (signed and verified)

MD5:
2aec169227cdeacd575337ad35e54c52

SHA-1:
468f1c1c4c255f97e53ce80b5531c3985c61d40d

SHA-256:
00f6f1403f307b25526a3ea4a8e3bfc293bbc3511e2b9fd79c925ce91a6fd734

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:20:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.HomePageDef.ITEA (M)

Engine version:
16.6.9.0

File size:
231.8 KB (237,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hpdef\uninst.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/18/2016 3:00:00 AM

Valid to:
2/18/2017 2:59:59 AM

Subject:
CN="""ITEA"" LLC", OU=IT, O="""ITEA"" LLC", STREET="prosp. Vyzvolyteliv, 5", L=Kiev, S=Kiev, PostalCode=02660, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
277A5AD5AF3F7ADB181C76A58924E916

File PE Metadata
Compilation timestamp:
2/29/2016 10:25:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
6144:iyRjZusHyTDoZ2Hmj2QeCo2MEvI5ShKpNfcgB0A2MU:8sXZ2s2QY2zloNl2MU

Entry address:
0x443E

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, FC, 02, 00, 00, FF, 15, A0, 03, 7B, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 90, 04, 7B, 00, 57, C7, 04, 24, 00, 00, 00, 00, FF, 15, E4, 04, 7B, 00, 52, C7, 04, 24, 09, 00, 00, 00, A3, A8, D4, 7A, 00, E8, 06, 43, 00, 00, A3, 04, D5, 7A, 00, 8D, 85, 34, FD, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, B4, 02, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, CA, B4, 40, 00, FF, 15, F8, 04, 7B, 00, 83, EC, 14, C7, 44, 24, 04, CC, B4, 40, 00, C7...
 

Code size:
35 KB (35,840 bytes)

Program Uninstaller
Program name:
HpDef

Display version:
2.0.0.107

Uninstall string:
C:\Program Files (x86)\HpDef\uninst.exe


The file uninst.exe has been seen being distributed by the following URL.
