zduninstall.exe

UACInstaller

The application zduninstall.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The file has been observed being downloaded from cdn.install.oibundles.com.
Publisher:
Microsoft*  (Invalid match)

Product:
UACInstaller

Version:
1.0.0.0

MD5:
015706f236dd3869538728c8a1e28617

SHA-1:
c17851076c7cd96b3420e783c144f0dd68b75ca3

SHA-256:
7a297fc0bdc8270590bf5698f87a5446f7bda63347bfa4fdeb440af2eb1efcc9

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 11:06:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.577251 | 1094 |
| Avira AntiVirus | SPR/Tool.135168.10 | 7.11.120.204 |
| Baidu Antivirus | AdWare.Win32.iBryte | 4.0.3.1425 |
| Bitdefender | Application.Generic.577251 | 1.0.20.180 |
| Bkav FE | W32.Clod1ec.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt | 17469 |
| ESET NOD32 | MSIL/Adware.iBryte (variant) | 8.9190 |
| F-Secure | Application.Generic.577251 | 11.2014-05-02_4 |
| G Data | Application.Generic.577251 | 14.2.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| K7 AntiVirus | Adware | 13.174.10575 |
| MicroWorld eScan | Application.Generic.577251 | 15.0.0.108 |
| Trend Micro House Call | ADW_IBRYTE | 7.2.36 |
| Trend Micro | ADW_IBRYTE | 10.465.05 |
| VIPRE Antivirus | iBryte | 24536 |

File size:
132 KB (135,168 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2010

Original file name:
DownloadManager_Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\zduninstall.exe

File PE Metadata
Compilation timestamp:
4/2/2012 9:20:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:S+y6IYrSw+GY64RAL5D712Xa913cvNcAZ6SQNoFAA:y6mGY6WmD71t9lcvNH

Entry address:
0x2207E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.7559

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
128.5 KB (131,584 bytes)

The file zduninstall.exe has been seen being distributed by the following URL.
