uninst000.exe

Savepath Deals

The application uninst000.exe by Savepath Deals has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Savepath Deals which is a potentially unwanted software program.
Publisher:
Savepath Deals  (signed and verified)

MD5:
326fe0c529c33aa3678d0b63556fb25b

SHA-1:
8408dc847d5f26fe438d850fdc080ac5c7a42957

SHA-256:
09409219c45aa4a022d7eab47f04271188f8d5f6caa5e8031fdb4041dc1c9563

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 2:57:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SavepathDeals (M)
15.11.11.9

File size:
814.8 KB (834,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\savepath deals\uninst000.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/16/2013 7:00:00 PM

Valid to:
5/17/2014 6:59:59 PM

Subject:
CN=Savepath Deals, O=Savepath Deals, STREET=2526 W Macarthur blvd, STREET=UNIT G, L=Santa Ana, S=CA, PostalCode=92704, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0080BC518A6FEE7C80D4DA50F0F5EEB4DA

File PE Metadata
Compilation timestamp:
5/20/2013 9:45:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:VCF+zmGVtOp7EHoIl7nJahdCI1G2RcxWuDbZSmY+/RtbZKNFOYLk99HdweRGfisv:VCkzRNo+nJYAUZ6DbEmBkOYA99BK

Entry address:
0x8E9F4

Entry point:
E8, D6, 74, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 54, F6, 4B, 00, 75, 02, F3, C3, E9, 60, 75, 00, 00, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 68, A5, 4A, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 70, A5, 4A, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, 32, 39, 00, 00, 8D, 70, 01, 56, E8, D2, 1F, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, 09, 76, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D...
 
[+]

Entropy:
6.6701

Code size:
674 KB (690,176 bytes)

The file uninst000.exe has been discovered within the following program.

Savepath Deals  by Savepath Deals
Publisher's description - “Download and install our small browser add-on to get started. Don't worry our app is free and only shows minimal ads that won't get in the way. If you want to remove our app at anytime you can uninstall it.”
www.savepathdeals.com
64% remove it
 
Powered by Should I Remove It?

Remove uninst000.exe - Powered by Reason Core Security