ciuninstall.exe

Compete Inc

The application ciuninstall.exe by Compete Inc has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Consumer Input (remove only) by Compete Inc. While running, it connects to the Internet address unallocated.barefruit.co.uk on port 443.
Publisher:
Compete Inc  (signed and verified)

Version:
3.2.4.4285

MD5:
3cf748507f4a0eae62906ac7dec93068

SHA-1:
6a67197c2f25cd2afbdc9af922c23db2016fc667

SHA-256:
5a55352d0bb668d6d1f99feea107f8027de8745d742849e5a24060f474ecd704

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
9/23/2017 5:26:57 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.HfsAdware | 1.3.0.7237 |
| Dr.Web | Adware.Compete.1 | 9.0.1.0268 |
| ESET NOD32 | Win32/Compete.E potentially unwanted (variant) | 9.12280 |
| IKARUS anti.virus | PUA.Compete | t3scan.1.9.5.0 |
| Malwarebytes | PUP.Optional.Compete | v2015.09.25.09 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Compete.Installer (M) | 15.9.25.9 |
| VIPRE Antivirus | Compete | 43902 |
| Zillya! Antivirus | Adware.CroRi.Win32.3284 | 2.0.0.2405 |

File size:
670.8 KB (686,856 bytes)

Product version:
3.2.4.4285

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\consumer input\ciuninstall.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/21/2014 6:00:00 PM

Valid to:
3/22/2018 6:59:59 PM

Subject:
CN=Compete Inc, O=Compete Inc, L=Boston, S=Massachusetts, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0A6DDD60D9E6C4FAA56565923F8669C2

File PE Metadata
Compilation timestamp:
9/26/2011 8:21:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:70gSQnSt13V+ciWhffnUdJJrUVPc3NmekZq2EH1nQog:46StR3VfOUp+UDY2C1n9g

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9241

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

Program Uninstaller
Program name:
Consumer Input (remove only)

Display publisher:
Compete Inc.

Uninstall string:
"C:\Program Files (x86)\Consumer Input\CIuninstall.exe"


The executable has been observed making the following network communication in live environments.

TCP (HTTP SSL):
Connects to unallocated.barefruit.co.uk  (92.242.140.21:443)
