uninstall.exe

Panda Security URL Filtering

GreenSearchSecurity

The application uninstall.exe, “Panda Security URL Filtering Uninstaller” by GreenSearchSecurity has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Panda Security URL Filtering by Panda Security. This file is typically installed with the program Panda Security URL Filtering by Panda Security.
Publisher:
Panda Security  (signed by GreenSearchSecurity)

Product:
Panda Security URL Filtering

Description:
Panda Security URL Filtering Uninstaller

Version:
2.0

MD5:
5fb16f0db7726d33b944c540c221333b

SHA-1:
527179726fca7bc0e3bfb4debfbafe14b6109da8

SHA-256:
23c2a3eee97bc5d347f4a0e0238bb611c9f44c4bdb3c0026fa8c881b7eaf81c5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:28:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.GreenSearchSecurity.Optional.Installer.Meta (L)
16.1.5.0

File size:
132.9 KB (136,112 bytes)

Product version:
2.0.1.24

Copyright:
© Panda Security

Trademarks:
Panda Security, All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\ProgramData\application data\panda security url filtering\uninstall.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/6/2014 8:00:00 PM

Valid to:
5/7/2015 7:59:59 PM

Subject:
CN=GreenSearchSecurity, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GreenSearchSecurity, L=Montreal, S=Quebec, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
308A16A974A713BAD17FDCAAAA27C1

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:pQpQ5EP0ijnRTXJZKPrft50XwQdQR2ofNTYLCPE113hf9ILugm1pi2bwQfRC5:pQIURTXJZKjnq+F0LC8Tf9gm1s2EH

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.2013

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Program Uninstaller
Program name:
Panda Security URL Filtering

Display publisher:
Panda Security

Display version:
2.0.2.0

Uninstall string:
C:\ProgramData\Panda Security URL Filtering\uninstall.exe


The file uninstall.exe has been discovered within the following program.

Panda Security URL Filtering  by Panda Security
The Panda Security Toolbar is a free optional toolbar that comes with Panda Cloud. The toolbar provides web filtering along with some features that may come in handy for users. The toolbar works on Internet Explorer and Firefox only.
60% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to visicom-58.nationalnet.com  (66.115.130.30:80)

Remove uninstall.exe - Powered by Reason Core Security