uninst.exe

The application uninst.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Powered.
MD5:
296fabfab25ed513405497a9072fab85

SHA-1:
fd864ba9e7cdbe3b331063dbc4de4812531572e6

SHA-256:
8c6a186131931ca27d13190d98165b2ab27db78fb5212c8f781db12c522769ee

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 11:09:19 PM UTC

Scan engine               Detection                           Engine version
Avira AntiVirus           ADWARE/DealPly.vctat                8.3.3.4
Fortinet FortiGate        Riskware/PUP                        2/28/2017
G Data                    Win32.Application.Agent.LMR3Y8      17.2.25
Kaspersky                 not-a-virus:AdWare.Win32.DealPly    14.0.0.-1240
McAfee                    PUP-FPD                             5600.6110
NANO AntiVirus            Riskware.Win32.DealPly.elznfk       1.0.70.15657
Panda Antivirus           Trj/GdSda.A                         17.03.04.10
Qihoo 360 Security        HEUR/QVM05.1.0000.Malware.Gen       1.0.0.1120
Reason Heuristics         PUP.Downloader.ICDP (L)             17.3.4.22
Sophos                    Generic PUA PN (PUA)                4.98
Trend Micro House Call    TROJ_GEN.R0C1H06BS17                7.2.59
VIPRE Antivirus           Trojan.Win32.Generic                56396
ViRobot                   Adware.Dealply.2327040.D[h]         2014.3.20.0

File size:
2.2 MB (2,327,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\{39cb0f97-1d63-632f-70fb-46c75493ba5f}\uninst.exe

File PE Metadata
Compilation timestamp:
5/28/2015 12:20:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x202268

Entry point:
55, 8B, EC, 83, C4, F0, B8, C0, 9F, 5F, 00, E8, 18, BA, E0, FF, A1, D0, 7D, 60, 00, 8B, 00, E8, 18, D7, F9, FF, 8B, 0D, 94, 7C, 60, 00, A1, D0, 7D, 60, 00, 8B, 00, 8B, 15, C8, 7F, 5A, 00, E8, 18, D7, F9, FF, A1, D0, 7D, 60, 00, 8B, 00, E8, 70, D8, F9, FF, E8, F3, 6A, E0, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
2 MB (2,099,200 bytes)

Program Uninstaller (3 entries)
Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{39cb0f97-1d63-632f-70fb-46c75493ba5f}\uninst.exe" -fn=""-p=\uninstall \s \noun \delselfdir

Program name:
Chromium

Display publisher:
Chromium

Display version:
51.0.2683.0

Uninstall string:
"C:\users\{user}\appdata\local\{cc79fa25-e8d1-969d-8549-b375a1214fed}\uninstall.exe" \uninstall \s \noun \delselfdir

Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{49f47fa8-6d5c-1310-00c4-36f824acca60}\uninstall.exe" \uninstall \s \noun \delselfdir
Scheduled Task
Task name:
{AE434BFD-41A3-455B-AEEE-F10A20667A64}

Trigger:
Daily (Runs daily at 0:59)
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-107-20-201-65.compute-1.amazonaws.com  (107.20.201.65:80)

TCP (HTTP):
Connects to ec2-54-225-212-5.compute-1.amazonaws.com  (54.225.212.5:80)

TCP (HTTP):
Connects to ec2-23-21-246-202.compute-1.amazonaws.com  (23.21.246.202:80)

TCP (HTTP SSL):
Connects to geoip-zlb.vips.scl3.mozilla.com  (63.245.215.82:443)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.114.50:80)

TCP (HTTP):
Connects to ec2-54-69-114-228.us-west-2.compute.amazonaws.com  (54.69.114.228:80)

TCP (HTTP):
Connects to ec2-54-191-37-103.us-west-2.compute.amazonaws.com  (54.191.37.103:80)

TCP (HTTP):
Connects to ec2-23-21-215-187.compute-1.amazonaws.com  (23.21.215.187:80)

TCP (HTTP):
Connects to server-54-230-206-86.atl50.r.cloudfront.net  (54.230.206.86:80)

TCP (HTTP):
Connects to server-54-230-163-45.jax1.r.cloudfront.net  (54.230.163.45:80)

TCP (HTTP):
Connects to server-54-230-163-26.jax1.r.cloudfront.net  (54.230.163.26:80)

TCP (HTTP):
Connects to server-54-230-163-130.jax1.r.cloudfront.net  (54.230.163.130:80)

TCP (HTTP):
Connects to server-54-230-150-56.sin2.r.cloudfront.net  (54.230.150.56:80)

TCP (HTTP):
Connects to server-52-85-33-152.mnl50.r.cloudfront.net  (52.85.33.152:80)

TCP (HTTP):
Connects to server-52-85-33-122.mnl50.r.cloudfront.net  (52.85.33.122:80)

TCP (HTTP):
Connects to server-52-85-167-131.gig50.r.cloudfront.net  (52.85.167.131:80)

TCP (HTTP):
Connects to ec2-54-83-207-70.compute-1.amazonaws.com  (54.83.207.70:80)

TCP (HTTP):
Connects to ec2-54-243-162-184.compute-1.amazonaws.com  (54.243.162.184:80)

TCP (HTTP):
Connects to ec2-50-19-111-63.compute-1.amazonaws.com  (50.19.111.63:80)

TCP (HTTP):
Connects to ec2-23-23-166-158.compute-1.amazonaws.com  (23.23.166.158:80)

Remove uninst.exe - Powered by Reason Core Security