» UninstallSurvey.exe
Overview
Analysis
File Details
Behaviors (1)

UninstallSurvey.exe

UninstallSurvey Module

Musiclab, LLC

The application UninstallSurvey.exe by Musiclab has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program BearShare by BearShare.

File name:

UninstallSurvey.exe

Publisher:

Musiclab, LLC (signed and verified)

Product:

UninstallSurvey Module

Version:

1, 0, 0, 1

MD5:

b5c992036506772a6e321357799d16da

SHA-1:

9b52f68a9e522e7140fc1f58d53c4c40af707469

SHA-256:

962f173933be5bdb42ab47731608f1ee6ef6b8cb544adda2ed3146a0f71933d7

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 3:40:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Musiclab.Installer

16.11.13.1

File size:

147.7 KB (151,224 bytes)

Product version:

1, 0, 0, 1

Original file name:

UninstallSurvey.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\bearshare applications\bearshare\uninstallsurvey.exe

Digital Signature

Signed by:

Musiclab, LLC

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

4/12/2007 2:00:00 AM

Valid to:

5/5/2008 1:59:59 AM

Subject:

CN="Musiclab, LLC", OU=SECURE APPLICATION DEVELOPMENT, O="Musiclab, LLC", L=New York, S=New York, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

2830FE3621196B9BFE955DD0180EF55B

File PE Metadata

Compilation timestamp:

5/17/2007 1:48:37 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

3072:xOYDRdV9hO+XTA16IW1dh/g+uYzRCUO1C0iI233mDonHsMsdK9SnY:xOYDRdV/5s6vZNZzsUJ0iD33voe

Entry address:

0xC192

Entry point:

6A, 74, 68, 18, D4, 40, 00, E8, 3E, 02, 00, 00, 33, FF, 89, 7D, E0, 57, 8B, 1D, DC, D0, 40, 00, FF, D3, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 7D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, B9, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 02, FF, 15, 44, D2, 40, 00, 59, 83, 0D, 48, 13, 41, 00, FF, 83... 
[+]

Developed / compiled with:

Microsoft Visual C++ v7.1

Code size:

46.5 KB (47,616 bytes)

Program Uninstaller

Program name:

BearShare

Display publisher:

BearShare

Uninstall string:

C:\Program Files (x86)\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~2\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~2\BEARSH~1\BEARSH~1\INSTALL.LOG

Remove UninstallSurvey.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.