» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

QUICKREF

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application uninstall.exe by QUICKREF has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Quick Ref 1.10.0.8 by Quick Ref.

File name:

uninstall.exe

Publisher:

Quick Ref (signed by QUICKREF)

Product:

Quick Ref

Description:

Quick Ref Setup

Version:

1.10.0.8

MD5:

00782db9ee661994ab31f278f7e798fc

SHA-1:

095f4d261f9e072bb1b822acaee5f66398cd6823

SHA-256:

75fc1c037e34762915aec8eea8360698fd9a9b9c760b1c59cd66b15d3972ff05

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

5/5/2024 7:58:41 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAdware

1.3.0.6379

Reason Heuristics

PUP.Installer.InfoAtoms

15.3.18.1

File size:

307.8 KB (315,136 bytes)

Product version:

1.10.0.8

Original file name:

quickref-setup.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\quickref_1.10.0.8\uninstall.exe

Digital Signature

Signed by:

QUICKREF

Authority:

GlobalSign nv-sa

Valid from:

9/4/2014 11:50:56 AM

Valid to:

9/4/2016 11:50:56 AM

Subject:

E=Support@quickrefapp.com, CN=QUICKREF, O=QUICKREF, L=Dover, S=DE, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11219B2E795F5F7739842A0C0B7E7F9F1A08

File PE Metadata

Compilation timestamp:

12/5/2009 2:52:06 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:LuxkZuTXJUpoa7gDZ5n0JSexw8eunI3GiG2k/DXrOCOat+qzhxPr+KB/9ovoZbaO:LSKq+JS+neunI2iG2kPOC1tLZmvSZfMa

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

6.8499

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Program Uninstaller

Program name:

Quick Ref 1.10.0.8

Display publisher:

Quick Ref

Display version:

1.10.0.8

Uninstall string:

C:\Program Files (x86)\QuickRef_1.10.0.8\Uninstall.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.