» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Forden Limited

The application uninstall.exe by Forden Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Smart Menu by Smart Menu.

File name:

uninstall.exe

Publisher:

Forden Limited (signed and verified)

MD5:

aa535a9f4eb6dd7db5ae336983259502

SHA-1:

1a53fbf1cf8a3b5d0d38ec213cd71c5a616476d2

SHA-256:

72aee4649d80bba2a567cfdfeac920180bfb256e7f8097e4b78fc4a4b32b3669

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 10:42:17 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

15.12.27.9

File size:

130.4 KB (133,512 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\smart menu\uninstall.exe

Digital Signature

Signed by:

Forden Limited

Authority:

VeriSign, Inc.

Valid from:

9/29/2013 8:00:00 PM

Valid to:

9/30/2015 7:59:59 PM

Subject:

CN=Forden Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Forden Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6461487D97F357A58308D95A226D26EC

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:hpgpHzb9dZVX9fHMvG0D3XJ5gdLeAyNlI50Tld6KOJDIfbmsOoEfViFBBKb:bgXdZt9P6D3XJ5ceAb5e6Kbfizfo7U

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

5.3544

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Program Uninstaller

Program name:

Smart Menu

Display publisher:

Smart Menu

Display version:

4.0

Uninstall string:

"C:\Program Files\Smart Menu\Uninstall.exe"

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.