» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 18 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Sense by Object Browser. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

uninstall.exe

Publisher:

BadFinger Project (BrightCircle Investments Limited) (signed and verified)

MD5:

3158c5359299e6ef37dbb03552c36ff0

SHA-1:

124de06e26e2f916e3f5063a3268424cea6183dc

SHA-256:

bda915ae6706463c4c33194cf47c0b314a4da56e4867322251b9db74610966d0

Scanner detections:

18 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

5/9/2024 3:07:59 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.gqX@lOh7iTii

6121764

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.194.194

AVG

Generic

2015.0.3262

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141213

Bitdefender

Gen:Application.Heur.gqX@lGB0kjhi

1.0.20.1765

Emsisoft Anti-Malware

Gen:Application.Heur.gqX@lOh7iTii

9.0.0.4668

ESET NOD32

Win32/Toolbar.CrossRider.BM potentially unwanted application

7.0.302.0

F-Secure

Riskware.Gen:Application.Heur.gqX@lOh7iTii

5.13.68

G Data

Win32.Adware.Crossrider

14.12.24

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.543

MicroWorld eScan

Gen:Application.Heur.gqX@lGB0kjhi

15.0.0.1059

Norman

Gen:Application.Heur.gqX@lOh7iTii

04.12.2014 14:30:06

Panda Antivirus

Generic Suspicious

14.12.13.01

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.BadFingerProjectBrightCircleInvestmentsLimited.J

14.12.13.1

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141211

Sophos

Generic PUA KK

4.98

VIPRE Antivirus

Threat.4150696

35418

File size:

101.5 KB (103,904 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\sense\uninstall.exe

Digital Signature

Signed by:

BadFinger Project (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

11/17/2014 1:00:00 AM

Valid to:

11/18/2015 12:59:59 AM

Subject:

CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata

Compilation timestamp:

12/12/2014 2:04:08 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:DgVOrhXE+dzii5CjQLyb9EV1cSXcOrvJWsWjcdTNS+pdO:kVOy+Mi5nbrvJZTNS+pM

Entry address:

0x5677

Entry point:

E8, 7E, 64, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 6E, 41, 00, E8, 23, 0A, 00, 00, E8, BA, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 64, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F2, 5D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4092

Code size:

67 KB (68,608 bytes)

Program Uninstaller

Program name:

Sense

Display publisher:

Object Browser

Display version:

1.35.12.8

Uninstall string:

C:\Program Files (x86)\Sense\Uninstall.exe /fcp=1

The file uninstall.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.