» uninst.exe
Overview
Analysis
File Details
Behaviors (1)

uninst.exe

PC Software

The application uninst.exe by PC Software has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program WindeskWinsearch 1.0 by PCSoftware. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

uninst.exe

Publisher:

PC Software (signed and verified)

MD5:

64c08a16c2924b7b4dda18d8e62d47ad

SHA-1:

eddeb37e47a63da7a3cd9222f6d8e7d734a157ce

SHA-256:

e3e19a36afa372cfe4a25a513efb7361aa052c1eb0089d46ab5f79e4754d4f85

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

11/6/2024 5:39:14 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.PCSoftware.Installer (M)

16.1.15.0

Trend Micro House Call

Suspicious_GEN.F47V0117

7.2.153

VIPRE Antivirus

InstallMonetizer

37530

File size:

61.7 KB (63,168 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\windeskwinsearch\uninst.exe

Digital Signature

Signed by:

PC Software

Authority:

COMODO CA Limited

Valid from:

9/9/2014 7:00:00 PM

Valid to:

9/10/2015 6:59:59 PM

Subject:

CN=PC Software, O=PC Software, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FFFC8D338C67107439C065EF8036902F

File PE Metadata

Compilation timestamp:

12/5/2009 4:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:vpgpHzb9dZVX9fHMvG0D3XJHgkidWELeAyNlIo5aI140riik:RgXdZt9P6D3XJHJOteAbc3k

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

6.6436

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Program Uninstaller

Program name:

WindeskWinsearch 1.0

Display publisher:

PCSoftware

Display version:

1.0

Uninstall string:

C:\Program Files (x86)\WindeskWinsearch\uninst.exe

Remove uninst.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.