uninstall.exe

Savevid

Bandoo Media Inc

The application uninstall.exe, “Savevid - Uninstall” by Bandoo Media Inc, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Savevid by Bandoo Media Inc.
Publisher:
Bandoo Media Inc  (signed and verified)

Product:
Savevid

Description:
Savevid - Uninstall

Version:
0.0.0.1056

MD5:
b416479303206d50dc58fb2ac06af91b

SHA-1:
20d96b47098ac5c7a9da4323807fd9b5ede43294

SHA-256:
9290f44e4bb78d955a65bbc6c911296b2dee7170c0e89be6132b49b7dd6d66dc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, which included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
12/25/2024 1:00:01 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.11.15.10

File size:
6.6 MB (6,918,144 bytes)

Product version:
0.0.0.1056

Copyright:
Copyright (c) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\savevid\uninstall.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
10/19/2015 6:00:00 AM

Valid to:
10/5/2016 5:59:59 AM

Subject:
CN=Bandoo Media Inc, O=Bandoo Media Inc, L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA - G2, O="thawte, Inc.", C=US

Serial number:
6B956A6578BE9947ED82830D03DF2E2E

File PE Metadata
Compilation timestamp:
2/25/2012 1:20:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:O5BuYAVrgUCPnIv9wO8rKwlx/J6CZp+MHuR1pqJPhl/+7thNieo6EH8lOCkqbOZG:O50gUCQvr2LJbOV1pqJPhQlEclOCkqC

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
Entropy:
0.3832

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

Program Uninstaller
Program name:
Savevid

Display publisher:
Bandoo Media Inc

Display version:
0.0.0.1056

Uninstall string:
"C:\Program Files\Savevid\uninstall.exe"

