uninstalltool.exe

SIEN S.A.

This is the SIEN AppScion Installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may install it with minimal consent. The application uninstalltool.exe by SIEN S.A. has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. The file has been seen being downloaded from uninstall.iminent.com and multiple other hosts.
Publisher:
SIEN S.A.  (signed and verified)

MD5:
ad2ef783b75403a0fdcfaf31bcb3fc3d

SHA-1:
0ba983dd3c431ccd4f5f57727169563fb908c019

SHA-256:
b6fce94de0cad8ec1ccb77ff6703a0365a6bc8c4c62698563ea0daf7c3902fb3

Scanner detections:
8 / 68

Status:
Potentially unwanted

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 1:53:26 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.Toolbar
2014.07.07

Dr.Web
Adware.Searcher.2652
9.0.1.0287

Malwarebytes
PUP.Optional.Iminent
v2014.10.14.12

McAfee
Artemis!AD2EF783B754
5600.6977

Reason Heuristics
PUP.SIENSA.N
14.10.14.12

Trend Micro House Call
Suspicious_GEN.F47V0616
7.2.287

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Iminent
31050

File size:
1.5 MB (1,586,232 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Common path:
C:\users\{user}\downloads\uninstalltool.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/22/2012 1:00:00 AM

Valid to:
8/23/2014 12:59:59 AM

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
8/22/2013 2:00:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:EHv64tuU3dlQt1cWjf+KDE0DfTxFF8/RRFk:EP64BdmtjfjDE0D/F8/PFk

Entry address:
0x1D348

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, F4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CD, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Entropy:
7.8978  (probably packed)

Code size:
148.5 KB (152,064 bytes)

The file uninstalltool.exe has been seen being distributed by the following 2 URLs.

http://uninstall.iminent.com/.../?key=MTM5OTcwNTM4Mw==
