Uninstaller.exe

  • File Path: C:\Program Files (x86)\Glary Utilities 5\Uninstaller.exe
  • Description: Glary Utilities Uninstaller

Hashes

Type Hash
MD5 D4A5B0E1591FE45B9D3661F11D27E3B6
SHA1 C88B110F1F8A1E2CDB8B8ADB7A30396B01BDC613
SHA256 47104FC1F2D3867DC57873B614486C1914FE2E40EE8673DE54DF0C5E8273FFBB
SHA384 A1029C69B452E58F26F9C961E046EEF49D281CE1988DBB4C914549AA718C77E0010DE2EF7E06DF9D1546C0BFAB239A81
SHA512 DDDB50F65CAF6445B303597572850EAD10D72837B63A1F766B187D3AB81D3E9862FE6B4C5EEA9CF353126AEBC809104724C644C86AEA217DE874099A1E67500A
SSDEEP 6144:rVWpmtlYjMRGDnHmTnED5yh/OGTPIiInUAQ8wbA:JqHjMRGLHqQ4hVSndQ8wbA
IMP 38F29552FED009C07241FA95DC707EB5
PESHA1 81393B3F5D40BBCAF56792524BF5B0F167F8D664
PE256 7480F8EC13BECD6558D946EAC97EAEE1D9FAB9489CEF25169607EF293C7DF284

Runtime Data

Window Title:

Uninstall Manager

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Program Files (x86)\Glary Utilities 5 File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94 File
(RW-) C:\xCyclopedia File
(RWD) C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db File
(RWD) C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\Program Files (x86)\Glary Utilities 5\Uninstaller.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 0F05AE21CDC17B9F3CF09D7BFC659BA3
  • Thumbprint: 362EBB303E088105BDCC07D94E6B7875D30C0D06
  • Issuer: CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Glarysoft LTD, O=Glarysoft LTD, S=Beijing, C=CN

File Metadata

  • Original Filename: unInstaller.exe
  • Product Name: Glary Utilities
  • Company Name: Glarysoft Ltd
  • File Version: 5.3.0.28
  • Product Version: 5.3.0.1
  • Language: Chinese (Simplified, China)
  • Legal Copyright: Copyright (c) 2003-2020 Glarysoft Ltd
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 1/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/47104fc1f2d3867dc57873b614486c1914fe2e40ee8673de54df0c5e8273ffbb/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Glary Utilities 5\Uninstaller.exe 94
C:\program files (x86)\Glary Utilities 5\Uninstaller.exe 96

Possible Misuse

The following table contains possible examples of Uninstaller.exe being misused. While Uninstaller.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc evilnum |919C812C524EAE95781E64FE9B9B035542727FD0|MagicTransfers.exe|NVIDIA Uninstaller Utility (unsigned)|738020EBFDAEBE59F7F0AECBAC9DCBEE3CA62D55 © ESET 2014-2018
malware-ioc misp-kryptocibule.json "value": "magnet:?xt=urn:btih:icwxb43ebmema4xnk42aines3f2jfmpd&dn=Ashampoo UnInstaller v8.00.12 (2-click run).zip&xl=30490782&fc=1", © ESET 2014-2018
malware-ioc kryptocibule |magnet[:]?xt=urn[:]btih[:]icwxb43ebmema4xnk42aines3f2jfmpd&dn=Ashampoo UnInstaller v8.00.12 (2-click run).zip&xl=30490782&fc=1| - © ESET 2014-2018
atomic-red-team T1562.001.md Uninstall Crowdstrike Falcon. If the WindowsSensor.exe path is not provided as an argument we need to search for it. Since the executable is located in a folder named with a random guid we need to identify it before invoking the uninstaller. MIT License. © 2018 Red Canary
signature-base apt_wildneutron.yar $s4 = " Player Installer/Uninstaller" fullword wide /* PEStudio Blacklist: strings */ /* score: '11.42' */ CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.