home

yusetup7.exe

Your Uninstaller! 7

URSoft, Inc.

The application yusetup7.exe, “Your Uninstaller! 7 Setup ” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.ursoftware.com.
Publisher:
URSoft, Inc.

Product:
Your Uninstaller! 7

Description:
Your Uninstaller! 7 Setup

Version:
7.5.2014.3

MD5:
2e319d3e59b98f3cefc7b59d94fd63ca

SHA-1:
21db651e27783331be39d2c663ebd2ffbe49f89a

SHA-256:
a348ebee9b005955991438e8d77be83471ff76c6526f50a1aa372134105cef62

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 12:03:38 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.URSoft.Optional.Installer.Meta (L)
16.4.2.19

File size:
6.6 MB (6,896,320 bytes)

Product version:
7.5.2014.3

Copyright:
Copyright © 1998-2012 URSoft, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\yusetup7.exe

File PE Metadata
Compilation timestamp:
12/25/2011 4:18:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:XZ3v555GvgQ3Y01sOxGhY9Swb42KRW4+t5N0/lKwS1d2/n3yvU0dVf2Y94ZDd0D:XphGvgQo06O39LJKR7+XN7114/ayYmfg

Entry address:
0x16478

Entry point:
84, FE, 09, EF, 81, FB, D3, 19, 00, 00, 73, 04, 4A, 0F, AF, D9, 75, 04, 87, D9, 84, E5, 11, C2, E8, 57, 00, 00, 00, F7, C7, 17, 4D, 42, 95, 88, FC, BB, 63, 5A, 00, 00, F7, D7, 81, F3, 57, 74, 00, 00, 12, D1, 81, EB, 34, 2E, 00, 00, 3B, F1, 76, 02, 87, CF, 8D, 35, A1, 7E, 5C, B3, 81, C3, 78, FD, FF, FF, 0F, AF, F2, 81, C3, 89, 02, 00, 00, 72, 06, B9, AC, 01, 69, EE, 48, B0, DD, 70, 0B, 69, C8, 34, 55, 98, B5, 80, CD, 2F, 87, C1, 81, FB, E7, 01, 00, 00, 72, C6, F7, C5, 4F, 71, 7A, 96, 69, F6, D6, F5, FD, D9...
 
[+]

Entropy:
7.9834  (probably packed)

Code size:
84 KB (86,016 bytes)

The file yusetup7.exe has been seen being distributed by the following URL.

http://www.ursoftware.com/.../yusetup.exe

Remove yusetup7.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.