UninstallSurvey.exe

UninstallSurvey Module

Discordia Limited

The application UninstallSurvey.exe by Discordia Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Shareaza by Shareaza.

Publisher:
Discordia Limited  (signed and verified)

Product:
UninstallSurvey Module

Version:
1, 0, 0, 1

MD5:
9874bab0413124626538e214c545bb45

SHA-1:
7f63b3ecf112bba7c785f07059218a1507fd0eef

SHA-256:
e451b80cd6a817faacf4e01a00f208c45169abefb7a0c54949bfe2ffe181a27c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 8:35:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Discordia.Installer (M)

Engine version:
16.6.14.0

File size:
517.9 KB (530,368 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2006

Original file name:
UninstallSurvey.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shareaza applications\shareaza\uninstallsurvey.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/20/2007 2:00:00 AM

Valid to:
7/12/2008 1:59:59 AM

Subject:
CN=Discordia Limited, OU=SECURE APPLICATION DEVELOPMENT, O=Discordia Limited, L=Limassol, S=Limassol, C=CY

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
11AFC84D429F1051969C3D383A099739

File PE Metadata
Compilation timestamp:
12/11/2007 10:41:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:9QbA/oaG4dpFHUCNaVSG0wl6vxuMDOfH71lnvZYg+rCaADGGT4uTe9tn:9QbA/Y4dpFTNMSJXJJISU/

Entry address:
0x65B8

Entry point:
6A, 60, 68, 38, C3, 40, 00, E8, 58, 05, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, D0, 1F, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 2C, C1, 40, 00, 8B, 4E, 10, 89, 0D, 34, F7, 40, 00, 8B, 46, 04, A3, 40, F7, 40, 00, 8B, 56, 08, 89, 15, 44, F7, 40, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 38, F7, 40, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 38, F7, 40, 00, C1, E0, 08, 03, C2, A3, 3C, F7, 40, 00, 33, F6, 56, 8B, 3D, 24, C1, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
42.5 KB (43,520 bytes)

Program Uninstaller
Program name:
Shareaza

Display publisher:
Shareaza

Uninstall string:
C:\Program Files\Shareaza Applications\Shareaza\UninstallSurvey.exe C:\PROGRA~1\SHAREA~1\Shareaza\UNWISE.EXE C:\PROGRA~1\SHAREA~1\Shareaza\INSTALL.LOG

