» Uninstall.exe
Overview
Analysis
File Details
Programs (1)

Uninstall.exe

Picexa Viewer

Taiwan Shui Mu Chih Ching Technology Limited

The file Uninstall.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program Picexa by Taiwan Shui Mu Chih Ching Technology Limited.. It is also typically executed from the user's temporary directory.

File name:

Uninstall.exe

Publisher:

Taiwan Shui Mu Chih Ching Technology Limited (signed and verified)

Product:

Picexa Viewer

Version:

2.1.3.278

MD5:

c02dfd669d3bd98e195494ecd54dadb1

SHA-1:

bcc0dd64ddbbbcab30bc35d3a98f0d525487e8d3

SHA-256:

bc40549105bcf71597311c1e71883ee3fff40d0494bd7bc8549d70b9b51535bc

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

11/27/2024 1:38:26 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.3158

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Mutabaha.229

9.0.1.085

herdProtect (fuzzy)

variant of uninstall.exe (Adware)

2015.7.1.8

Reason Heuristics

PUP.Thinknice

15.3.26.12

File size:

408.7 KB (418,488 bytes)

Product version:

2.1.3.278

Original file name:

Uninstall.exe

Common path:

C:\users\{user}\appdata\local\temp\_@68aa.tmp

Digital Signature

Signed by:

Taiwan Shui Mu Chih Ching Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

3/4/2015 11:26:37 AM

Valid to:

3/4/2016 11:26:37 AM

Subject:

CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=Taipei City, S=Taiwan, C=TW

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121003857AB2AD439A7293EF2F1A8B3DCB6

File PE Metadata

Compilation timestamp:

3/24/2015 9:17:33 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:7jVfoXfuU1O6q72Qm2deSgAQt/zWkaGYotiV8qsZfcdClibDjZdNz6ptC5Sb:BoXu2edexASzAdSiV8qsZfcdClif3Sb

Entry address:

0x32B3E

Entry point:

E8, CE, 04, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 30, 92, 43, 00, 55, 8B, EC, FF, 15, 84, 91, 43, 00, 6A, 01, A3, D4, 8F, 45, 00, E8, BF, 05, 00, 00, FF, 75, 08, E8, BD, 05, 00, 00, 83, 3D, D4, 8F, 45, 00, 00, 59, 59, 75, 08, 6A, 01, E8, A5, 05, 00, 00, 59, 68, 09, 04, 00, C0, E8, A6, 05, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 6B, 15, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, B8, 8D, 45, 00, 89, 0D, B4, 8D, 45, 00, 89, 15, B0, 8D, 45, 00, 89, 1D, AC, 8D, 45, 00, 89, 35, A8... 
[+]

Entropy:

6.0081

Code size:

222 KB (227,328 bytes)

The file Uninstall.exe has been discovered within the following program.

Picexa by Taiwan Shui Mu Chih Ching Technology Limited.

About 2% of users remove it

Remove Uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.