The uninstall.exe (REM) File Analysis

Technical Analysis

File Name: uninstall.exe
File Type: Win32 EXE
Magic Bytes: PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash: 196608:1nw9FZZSgOFM3GMVVLPT6wWtC3VLqZUVm0G/9q65bYPbyg/xcYN8GcJZTK:1nsFiGLVWtC3VLuV55bYOgpcYN94Ze
Scanner Version: 1.0.226.174
Database Version: 2025-10-08 09:00:34 UTC

Suspicious File Detected

Detected by 7 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

Detection Rate: 10%
File Size (bytes): 13,789,218
Engines Detected: 7/72
Analysis Date: 2025-10-08

File Identification

MD5: 0cfef30c0db88b72f2c0ea44cfff30ff
SHA1: 128c85df3973e37b7ded4f16f6004e1cebef4412
SHA256: 30b6fd467454cecdd34c4dec56cc8653a02f0f9533284323ae1d825d2aa894e1
SHA512: 445c08d35fa6483c8e6818a6ccc2098545248d6eac19a0289a6a6008ece10fd3e8de113388adbf35881699f0ac6cc97de2526edfa5d93fa977a6bd78de5283b5
ImpHash: d98fd2151f53ca3495c405a6765b27f2

Security Engines with Detections (7 of 72)

| Engine | Detection Name | Verdict |
|---|---|---|
| Paloalto | generic.ml | Malicious |
| McAfeeD | ti!30B6FD467454 | Malicious |
| Jiangmin | Packed.Dico.azd | Malicious |
| VBA32 | TScope.Trojan.Delf | Malicious |
| Rising | Trojan.Occamy!8.F1CD (RDMK:cmRtazoQ+wt6hiyQNdBubeudi22z) | Malicious |
| TrellixENS | Artemis!0CFEF30C0DB8 | Malicious |
| MaxSecure | Trojan.Malware.300983.susgen | Malicious |

65 engines reported no threats. Only engines with detections are shown above for clarity.

PE Analysis

Basic Information

Icon:
  Hash: 49c70cb440323014f6da8d9ed9d5cb5b
  Fuzzy: 0ba10d8297cb04c716359fc5b74dbc87
  dHash: 649490b9c09492c8
Image Base: 0x00400000
Entry Point: 0x006a1a88
Compilation Time: 2018-01-20 23:31:01
Checksum: 0x00000000 (Actual: 0x00d2b348)
OS Version: 5.0
PEiD Signatures: PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature: No valid SignedData structure was found.
Imports: 12 libraries
Exports: 3 functions
Resources: 108 resources
Sections: 10 sections

Version Information

CompanyName: REM
FileVersion: 1.4.0.25
InternalName: REM
LegalCopyright: REM
LegalTrademarks: REM
OriginalFilename: REM
ProductVersion: 1.4.0.0
Comments: REM
ProgramID: REM
FileDescription: REM
ProductName: REM
Translation: 0x0409 0x04e4

PE Sections

| Name | Virtual Address | Virtual Size (bytes) | Raw Size (bytes) | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
| .text | 0x00001000 | 2,739,004 | 2,739,200 | 6.47 (Normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | F91BD7ED83EEBE522F1A778CC94053CC |
| .itext | 0x0029e000 | 15,120 | 15,360 | 5.86 (Normal) | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | E0F02E6601019315ECE0A61E1DCFEB92 |
| .data | 0x002a2000 | 561,708 | 562,176 | 3.96 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 61DB04AA65282EFC80EC380F7F1D3164 |
| .bss | 0x0032c000 | 636,916 | 0 | 0.00 (Normal) | IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
| .idata | 0x003c8000 | 13,674 | 13,824 | 5.24 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 6D417B35DA56FF9892D3E18317649BAD |
| .didata | 0x003cc000 | 2,848 | 3,072 | 4.12 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 2DD87D03DF7265784D484462129FC0A6 |
| .edata | 0x003cd000 | 164 | 512 | 2.03 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 5FFA09D90AE813DE46AF923221FBF644 |
| .tls | 0x003ce000 | 84 | 0 | 0.00 (Normal) | IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | D41D8CD98F00B204E9800998ECF8427E |
| .rdata | 0x003cf000 | 93 | 512 | 1.37 (Normal) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 9C7549E9A582716C835940FC1064E38E |
| .rsrc | 0x003d0000 | 4,016,918 | 4,017,152 | 6.65 (Compressed) | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 6AE6A91058D17FCA02FCF3A7EE6ED9CD |

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 108 (4,010,507 bytes)

| Resource Type | Count | Total Size (bytes) | Percentage |
|---|---|---|---|
| UNICODEDATA | 6 | 167,861 | 4.2% |
| VCLSTYLE | 2 | 99,490 | 2.5% |
| RT_CURSOR | 10 | 3,080 | 0.1% |
| RT_BITMAP | 21 | 6,964 | 0.2% |
| RT_ICON | 2 | 98,662 | 2.5% |
| RT_STRING | 41 | 43,312 | 1.1% |
| RT_RCDATA | 13 | 3,588,512 | 89.5% |
| RT_GROUP_CURSOR | 10 | 200 | 0% |
| RT_GROUP_ICON | 1 | 20 | 0% |
| RT_VERSION | 1 | 700 | 0% |
| RT_MANIFEST | 1 | 1,706 | 0% |

Certificate Chain Analysis

Certificate Information

Product: REM
Description: REM
File Version: 1.4.0.25
Original Name: REM
Internal Name: REM
Copyright: REM

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

7 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
