» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Goobzo LTD

The application uninstall.exe by Goobzo has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program iWebar by iWebar.

File name:

uninstall.exe

Publisher:

Goobzo LTD (signed and verified)

MD5:

05d4da178c13f635f63553cefcfab97c

SHA-1:

094621e947328fab28c87db6f3c8c44d76cce448

SHA-256:

8f0218f708a078da03515efa422dd439ca8b68fd52ce1a621c0568d642761b99

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles various adware toolbars and browser extensions.

Analysis date:

4/25/2024 9:18:01 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Goobzo.Installer (M)

16.2.15.5

File size:

86.9 KB (88,944 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\iwebar\uninstall.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 1:00:00 AM

Valid to:

5/3/2015 12:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

6/25/2014 11:03:33 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:t/pq4X6fI3SLe0A1gEzcVSFlDWaJsWjcd+TSyJtg:jq86LerUil2+TSyJtg

Entry address:

0x571B

Entry point:

E8, 60, 5B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 3F, 41, 00, E8, 1F, 0A, 00, 00, E8, 3D, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, F3, 5A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D4, 54, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

54.5 KB (55,808 bytes)

Program Uninstaller

Program name:

iWebar

Display publisher:

iWebar

Display version:

1.34.6.10

Uninstall string:

C:\Program Files (x86)\iWebar\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.