» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

YourFileDownloader Installer

Via Advertising Group Limited

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application uninstall.exe by Via Advertising Group Limited has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. This is the uninstaller utility registered in the Windows Control Panel for the program YourFileDownloader by http://www.yourfiledownloader.net.

File name:

uninstall.exe

Publisher:

http://yourfiledownloader.net (signed by Via Advertising Group Limited)

Product:

YourFileDownloader Installer

Version:

1, 0, 238, 1

MD5:

719eb7d8ed07778f363e90b1c98572c6

SHA-1:

0c189c9c5c672a67847d3b94e01c309a426f283e

SHA-256:

81e735a274c547b0a3dac9345bc36568fd9c7a6561e5296d610f88745c51efaf

Scanner detections:

30 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/24/2024 4:25:09 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.567021

355

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

Win-PUP/YourFileDownloader

2015.02.14

Avira AntiVirus

TR/EDownload.J.2

7.11.169.82

avast!

Win32:Downloader-UEO [PUP]

2014.9-160215

AVG

Adware BundleApp_r

2017.0.2833

Baidu Antivirus

PUA.Win32.ExpressDownloader

4.0.3.16215

Bitdefender

Gen:Variant.Application.Strictor.70984

1.0.20.230

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.ExpressDownloader.DA

21731

Dr.Web

Adware.Downware.8624

9.0.1.046

Emsisoft Anti-Malware

Gen:Variant.Kazy.567021

8.16.02.15.11

ESET NOD32

Win32/ExpressDownloader.J potentially unwanted application

10.7.0.302.0

F-Prot

W32/A-42de288b

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.567021

11.2016-15-02_2

G Data

Gen:Variant.Application.Strictor.70984

16.2.25

IKARUS anti.virus

PUA.Expressdownloader

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.183.13550

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.658

Malwarebytes

PUP.Optional.YourFileDown

v2016.02.15.11

MicroWorld eScan

Gen:Variant.Application.Strictor.70984

17.0.0.138

NANO AntiVirus

Riskware.Win32.Downware.deefau

0.28.2.61861

Norman

Gen:Variant.Kazy.567021

11.20160215

Panda Antivirus

Generic Suspicious

16.02.15.11

Reason Heuristics

PUP.Via Advertising.ViaAdvertisingGroup.Bundler (M)

16.2.15.11

Rising Antivirus

PE:Malware.Kazy!6.1E64

23.00.65.16213

Sophos

PUA 'Go For Files'

5.14

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4758264

32938

Zillya! Antivirus

Downloader.Agent.Win32.221440

2.0.0.1939

File size:

2.4 MB (2,558,464 bytes)

Product version:

1.0.0.1

Original file name:

YourFileDownloaderInstaller.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

YourFile Downloader

Language:

English

Common path:

C:\Program Files\yourfiledownloader\uninstall.exe

Digital Signature

Signed by:

Via Advertising Group Limited

Authority:

COMODO CA Limited

Valid from:

4/11/2013 5:00:00 PM

Valid to:

4/11/2016 4:59:59 PM

Subject:

CN=Via Advertising Group Limited, O=Via Advertising Group Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BABC309174F531C6762BBA466401FEAF

File PE Metadata

Compilation timestamp:

9/2/2014 7:02:50 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:ueXp0zBjA9RDp1Y7dLgJ6RLDPGI+4RN4WuD4J0buO8FYT4eKfUiX5pibYQ:ueXp0Ns9RDp1ydLgJ6RLad4RtuD4J+RT

Entry address:

0x2FAAF0

Entry point:

60, BE, 00, B0, 4A, 00, 8D, BE, 00, 60, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.7279

Packer / compiler:

UPX 2.90LZMA

Code size:

2.3 MB (2,424,832 bytes)

Program Uninstaller

Program name:

YourFileDownloader

Display publisher:

http://www.yourfiledownloader.net

Display version:

2.14.37

Uninstall string:

"C:\Program Files\YourFileDownloader\Uninstall.exe"

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.