deinstaller.exe

White Sea Media

The application deinstaller.exe by White Sea Media has been detected as adware by 30 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
White Sea Media  (signed and verified)

MD5:
ce20c3c9c00743307f56417e5014467c

SHA-1:
3eee39455810c2a9d46ebef499cb0b83a57f45c0

SHA-256:
f6ecb5e561656941b8ed1ad864d5e88026c72a06910ce2e3e90c2fdef28c89ce

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/19/2024 9:33:11 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.10455890 | 478 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.BitCoinMiner | 2015.10.13 |
| Avira AntiVirus | TR/BitCoinMinerFC.A.17 | 8.3.2.2 |
| avast! | Win32:BitCoinMiner-FC [Trj] | 2014.9-151014 |
| AVG | Generic | 2016.0.2956 |
| Baidu Antivirus | Trojan.Win32.CoinMiner | 4.0.3.151014 |
| Bitdefender | Trojan.Generic.10455890 | 1.0.20.1435 |
| Comodo Security | UnclassifiedMalware | 23401 |
| Dr.Web | Trojan.BtcMine.221 | 9.0.1.0287 |
| Emsisoft Anti-Malware | Trojan.Generic.10455890 | 8.15.10.14.11 |
| ESET NOD32 | Win32/CoinMiner.JO (variant) | 9.12395 |
| Fortinet FortiGate | W32/CoinMiner.JO!tr | 10/14/2015 |
| F-Secure | Trojan.Generic.10455890 | 11.2015-14-10_4 |
| G Data | Trojan.Generic.10455890 | 15.10.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.210.17508 |
| Kaspersky | not-a-virus:Downloader.Win32.Whyseeme | 14.0.0.1275 |
| McAfee | Artemis!CE20C3C9C007 | 5600.6612 |
| MicroWorld eScan | Trojan.Generic.10455890 | 16.0.0.861 |
| NANO AntiVirus | Trojan.Win32.BtcMine.dbcwdg | 0.30.26.3947 |
| nProtect | Trojan.Generic.10455890 | 15.10.12.01 |
| Qihoo 360 Security | Win32/Trojan.c7f | 1.0.0.1015 |
| Reason Heuristics | PUP.WhiteSeaMedia.Installer (M) | 15.10.14.23 |
| Sophos | Generic PUA DO (PUA) | 4.98 |
| Total Defense | Heur/TrojanHorse.ZCIF!suspicious | 37.1.62.1 |
| Trend Micro | TROJ_GEN.F0CBOC0IH14 | 10.465.14 |
| VIPRE Antivirus | Backdoor.Win32.Ircbot.gen | 44490 |
| ViRobot | Trojan.Win32.S.BitCoinMiner.1265376[h] | 2014.3.20.0 |
| Zillya! Antivirus | Downloader.Whyseeme.Win32.1 | 2.0.0.2440 |

File size:
1.2 MB (1,265,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vlc player gpu+\deinstaller.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2013 6:00:00 PM

Valid to:
7/8/2014 5:59:59 PM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
1/11/2014 10:02:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
24576:Z/siiDstA3GYmTgjXQuUbP2NFkwehi4ONlR5JzIkszUuKzH:Z/6D73BcgvUbPukzgR5J5OUTT

Entry address:
0x336000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, B0, 12, 00, 2D, 8F, 8E, 0A, 10, 05, 84, 8E, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, D9, 7F, 19, 35, 68, 46, 6A, 5D, 4D, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 29, 55, F5, 00, 84, 6B, 67, 1A, 45, 12, 3A, 87, AC, 17...
 

Entropy:
7.9448  (probably packed)

Code size:
38 KB (38,912 bytes)
