uninst.exe

This file is the uninstaller utility registered in the Windows Control Panel for the program Search Provided by Yahoo. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
MD5:
2b8e61ae9805d0a5149b0aa55bc478bd

SHA-1:
ca7da77f79959f3f98527090880f292ae7186b1b

SHA-256:
c1d9c171d30b6ac27471fad07180c077aa57948cfa94eeafc1ed39fc78123132

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
7/4/2025 7:21:16 AM UTC

Scan engine                 Detection                        Engine version
Avira AntiVirus             ADWARE/DealPly.jxpad             8.3.3.4
McAfee                      PUP-FPD                          5600.6112
Qihoo 360 Security          HEUR/QVM05.1.0000.Malware.Gen    1.0.0.1120
Trend Micro House Call      TROJ_GEN.R0C1H06BP17             7.2.57

File size:
1.1 MB (1,191,424 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\{658553d9-412d-3f61-2cb5-1a8908dde611}\uninst.exe

File PE Metadata
Compilation timestamp:
6/23/2015 5:50:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x106C74

Entry point:
55, 8B, EC, 83, C4, F0, B8, DC, 0F, 50, 00, E8, 38, 37, F0, FF, A1, 08, 91, 50, 00, 8B, 00, E8, 7C, 26, FA, FF, 8B, 0D, 6C, 8E, 50, 00, A1, 08, 91, 50, 00, 8B, 00, 8B, 15, 6C, B4, 4A, 00, E8, 7C, 26, FA, FF, A1, 08, 91, 50, 00, 8B, 00, E8, C0, 27, FA, FF, E8, 1B, F9, EF, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,072,128 bytes)

2 Program Uninstaller
Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{3f16094a-1bbe-65f2-7626-401a524ebc82}\uninstall.exe" \uninstall \s \noun \delselfdir

Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{7ae54cb9-5e4d-2001-33d5-05e917bdf971}\uninstall.exe" \uninstall \s \noun \delselfdir


Scheduled Task
Task name:
{E92DFFAA-376D-4C50-84A7-DE38FC6285C0}

Trigger:
Daily (Runs daily at 17:34)


The executing file has been seen to make the following network communications in live environments.

