uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is the uninstaller utility registered in the Windows Control Panel for the program FTdownloader V9.0 by installdaddy.
MD5:
92f02020e73d9beb0ba89d1f2c79f87f

SHA-1:
50c0f4a3f38f3e10ec007100874405482b6b8cd5

SHA-256:
535b7563f4ee6251eed7a73be7cbf3a0fcecabe489323ee70b38cae7f6b9b03e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:29:33 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Bundler.InstallDaddy.Meta | 15.6.13.15
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3

File size:
75.5 KB (77,312 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ftdownloader v9.0\uninstall.exe

File PE Metadata
Compilation timestamp:
11/19/2013 2:16:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:u8evUX/OmUV/rfsbXHMPc1TpwcKVe09W/otmMwZ+tEm1FrGdWuc6NKWBXTHL8Ihs:wwVMixozmbMEnnc4XrXsWjcdFFtx

Entry address:
0x3361

Entry point:
E8, BB, 61, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 1A, 41, 00, E8, 79, 63, 00, 00, E8, 57, 28, 00, 00, 0F, B7, F0, 6A, 02, E8, 4E, 61, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2F, 5B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
48 KB (49,152 bytes)

Program Uninstaller
Program name:
FTdownloader V9.0

Display publisher:
installdaddy

Display version:
1.34.1.29

Uninstall string:
C:\Program Files (x86)\FTdownloader V9.0\Uninstall.exe /fromcontrolpanel=1


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (205.251.243.4:80)
