uninstall.exe

孙中元

The executable uninstall.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
孙中元  (signed and verified)

Version:
1.0.0.1

MD5:
e056195c1dc14b2386f1e32a548a3d48

SHA-1:
a290b94a3840b593df734b2495fdff3b81504630

SHA-256:
d702558bddf28035d4f9797c9a291b29dd37a969628ed6ffd8fc1b86c20463f3

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/28/2024 4:51:52 AM UTC  (today)

Scan engine             Detection                      Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.2196439       209
avast!                  Win32:GenMaliciousA-AEO [Trj]  2014.9-160709
Bitdefender             Trojan.GenericKD.2196439       1.0.20.955
Emsisoft Anti-Malware   Trojan.GenericKD.2196439       8.16.07.09.08
Fortinet FortiGate      W32/Generic!tr                 7/9/2016
F-Secure                Trojan.GenericKD.2196439       11.2016-09-07_7
G Data                  Trojan.GenericKD.2196439       16.7.25
Kaspersky               HEUR:Trojan.Win32.Generic      14.0.0.-69
MicroWorld eScan        Trojan.GenericKD.2196439       17.0.0.573
nProtect                Trojan.GenericKD.2196439       15.03.06.01
Quick Heal              Trojan.Generic.r4              7.16.14.00
Trend Micro House Call  TROJ_GEN.R047H07BG15           7.2.191

File size:
611.6 KB (626,320 bytes)

Product version:
1.0.0.1

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\liangxiawallpaper\uninstall.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
1/6/2014 8:00:00 AM

Valid to:
1/6/2015 8:00:00 AM

Subject:
CN="Open Source Developer, 孙中元", O=孙中元, C=CN

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
1EFA0F2B42B625FC1E90EF0F3C093B28

File PE Metadata
Compilation timestamp:
2/2/2015 11:14:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:F4k0fJBzMGvKRz4xJeAHJr0BzCL1PCL1DdU2CQEpX:qBz5KRz4xLgzCL1PCL16pX

Entry address:
0x2F653

Entry point:
E8, 81, 75, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, D4, 07, 46, 00, 75, 02, F3, C3, E9, 01, 76, 00, 00, 6A, 0C, 68, 58, A2, 45, 00, E8, F8, 2C, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, B0, 60, 46, 00, 77, 22, 6A, 04, E8, 59, 78, 00, 00, 59, 83, 65, FC, 00, 56, E8, 9B, 80, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 04, 2D, 00, 00, C3, 6A, 04, E8, 56, 77, 00, 00, 59, C3, 55, 8B, 6C, 24, 08, 83, FD, E0, 0F, 87, 9F, 00, 00, 00, 53, 8B, 1D, C8, C1, 44, 00, 56, 57, 33...

Entropy:
6.8753

Code size:
300 KB (307,200 bytes)
