uninstall.exe

AssetsManager

Aztec Media inc.

The application uninstall.exe, “Assets Manager Uninstall” by Aztec Media inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Assets Manager by Aztec Media Inc.
Publisher:
Aztec Media Inc  (signed by Aztec Media inc.)

Product:
AssetsManager

Description:
Assets Manager Uninstall

Version:
5.0.0.16186

MD5:
0090ebd6d932e1c74cae85114a4935c9

SHA-1:
04a9e7d8547e6f69f7fe7de74f5ed576d4f6ec5f

SHA-256:
c3284d03d2872eff9767b60ab617a964741f518bc8fe10f4e782ff46e6cd9fce

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 6:40:02 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Bandoo.AztecMed.Installer (M)
16.7.7.9

File size:
112.3 KB (114,976 bytes)

Product version:
5.0.0.16186

Copyright:
Copyright (c) 2005 - 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\assets manager\smdmf\uninstall.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/31/2015 8:00:00 PM

Valid to:
2/1/2018 6:59:59 PM

Subject:
CN=Aztec Media inc., O=Aztec Media inc., L=Panama City, S=Panama City, C=PA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AF6396322BF5B08910274FFE4241447

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:cweqOYEUXPncMtUxiytRIG7rxakoHBN08t:dEUXx67ttxHoHBj

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

Program Uninstaller
Program name:
Assets Manager

Display publisher:
Aztec Media Inc

Display version:
5.0.0.16186

Uninstall string:
C:\Program Files\Assets Manager\smdmf\Uninstall.exe /browser=all


Remove uninstall.exe - Powered by Reason Core Security