iobit-uninstaller.exe

Bogdan Didenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application iobit-uninstaller.exe by Bogdan Didenko has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.programas-gratis.net. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
Bogdan Didenko (signed and verified)

MD5:
3596aeb936966eec21c51937adb6b683

SHA-1:
1ea6e07c4d74317ea5ffd9436f584a661c07d809

SHA-256:
026d143e8f45894c278a933f71fc0dee58ad1bc06fd8e54cd4a341654d0c6c3e

Scanner detections:
18 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 10:10:17 PM UTC

Scan engine               Detection                           Engine version
Agnitum Outpost           Trojan.Badur                        7.1.1
AhnLab V3 Security        Trojan/Win32.Downloader             14.05.11
Avira AntiVirus           TR/Badur.hqbg                       7.11.146.148
avast!                    Win32:Dropper-gen [Drp]             2014.9-140511
AVG                       Downloader.Agent2                   2015.0.3477
Baidu Antivirus           Trojan.Win32.Downloader             4.0.3.14511
ESET NOD32                Win32/TrojanDownloader.Agent.AOB    8.9746
Fortinet FortiGate        W32/Genome.ALF!tr.dldr              5/11/2014
IKARUS anti.virus         Trojan-Downloader.Win32.Genome      t3scan.1.6.1.0
Kaspersky                 Trojan-Downloader.Win32.Genome      14.0.0.3882
Malwarebytes              Trojan.Downloader                   v2014.05.11.03
McAfee                    Artemis!3B7EC85F70BD                5600.7133
Panda Antivirus           Generic Malware                     14.05.11.03
Qihoo 360 Security        Win32/Trojan.Downloader.3b5         1.0.0.1015
Reason Heuristics         Threat.Win.Reputation.IMP           14.5.11.15
Sophos                    Mal/Generic-S                       4.98
Trend Micro House Call    TROJ_GEN.R0CBH07DU14                7.2.131
VIPRE Antivirus           Trojan.Win32.Generic                28918

File size:
448.7 KB (459,424 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Common path:
C:\users\{user}\downloads\iobit-uninstaller.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/12/2013 2:00:00 AM

Valid to:
9/13/2014 1:59:59 AM

Subject:
CN=Bogdan Didenko, O=Bogdan Didenko, STREET=Revutskogo 44, L=Kiev, S=Kiev, PostalCode=02140, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E6A93AF5D57B453D0C73ABE3E41C7DCC

File PE Metadata
Compilation timestamp:
5/8/2014 3:21:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:PUA7AlvowEueySHm4fbb++aM3yTVn3LRvO+S6f7bUtuhEP4IDjN:8A7+EuwmyP++Fg3hO+S6f7b/EP4SjN

Entry address:
0x1CB88

Entry point:
E8, 0E, 80, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 9C, 15, 44, 00, 75, 02, F3, C3, E9, B9, 81, 00, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, AC, 67, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, C4, 50, 43, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F...

Code size:
205.5 KB (210,432 bytes)

The file iobit-uninstaller.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

TCP (HTTP):
Connects to c1.stylezip.info  (54.186.255.26:80)

http://c1.stylezip.info/?step_id=1&installer_id=4908930&publisher_id=908&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=14726790&external_id=0&session_id=29453580&hardware_id=34362510&installer_file_name=iobit-uninstaller
