» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

uninstall.exe

InstallCore© Installer SDK 4.1

InstallCore© Technologies

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe, “InstallCore© Installer ” has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the installCore installer, however the file is not signed with an authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program FoxTab Audio Converter (remove only). The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

Publisher:

InstallCore© Technologies

Product:

InstallCore© Installer SDK 4.1

Description:

InstallCore© Installer

Version:

1, 0, 0, 9

MD5:

164ab6ee8026c9041195d7d44f1de893

SHA-1:

04a4488f0383f2da8065c691fddd2c5b40b49a9d

SHA-256:

c0e2c2e9cda305c5b937d05ca533af37bd69495cc7baaef07d3a6e2dcdcadcf5

Scanner detections:

25 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/26/2024 11:56:15 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.7992353

1013

Agnitum Outpost

PUA.InstallCore

7.1.1

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.134.32

AVG

Generic4

2015.0.3491

Bitdefender

Trojan.Generic.7992353

1.0.20.590

Comodo Security

Heur.Suspicious

17865

Dr.Web

Trojan.DownLoader2.12660

9.0.1.0118

Emsisoft Anti-Malware

Trojan.Generic.7992353

8.14.04.28.07

ESET NOD32

Win32/InstallCore (variant)

8.9487

Fortinet FortiGate

W32/Malware_fam.NB

4/28/2014

F-Prot

W32/InstallCore.I.gen

v6.4.7.1.166

F-Secure

Trojan.Generic.7992353

11.2014-28-04_2

G Data

Trojan.Generic.7992353

14.4.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.2.2.29

Malwarebytes

Adware.Agent

v2014.04.28.07

MicroWorld eScan

Trojan.Generic.7992353

15.0.0.354

Norman

Facemood.A.dropper

11.20140428

nProtect

Trojan.Generic.7992353

14.02.28.01

Qihoo 360 Security

Win32/Virus.Adware.bfe

1.0.0.1015

Reason Heuristics

PUP.Installer.InstallCoreCTechnologies.J

14.4.28.7

Rising Antivirus

PE:Trojan.Win32.Generic.12AFBED8!313507544

23.00.65.14426

Sophos

Install Core Installer

4.98

Trend Micro House Call

TROJ_SPNR.0BFD13

7.2.118

Trend Micro

TROJ_SPNR.0BFD13

10.465.28

VIPRE Antivirus

Trojan.Win32.Generic

26958

File size:

436.5 KB (446,976 bytes)

Product version:

1, 0, 0, 9

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Language:

English (United States)

Common path:

C:\Program Files\foxtabaudioconverter\uninstall\uninstall.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:nQqgbevp60KTgFGL4UB2JqUSj0I1hWSIUehMMF:nwevtzCB2JqUZIySRehMMF

Entry address:

0xEF070

Entry point:

60, BE, 00, A0, 48, 00, 8D, BE, 00, 70, F7, FF, C7, 87, 10, 77, 0A, 00, 82, 5C, 69, 45, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.8501

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

408 KB (417,792 bytes)

Program Uninstaller

Program name:

FoxTab Audio Converter (remove only)

Uninstall string:

C:\PROGRA~1\FOXTAB~2\Uninstall\Uninstall.exe /Uninstall

The file uninstall.exe has been seen being distributed by the following URL.

http://apps.foxtab.com/.../Mp3ConverterSetup.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.