» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisments on web pages not affiliated by the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The application uninstall.exe by Robokid Technologies has been detected as adware by 6 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program HDPureV9.5 by HDPure. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

uninstall.exe

Publisher:

Robokid Technologies (signed and verified)

MD5:

f10f75a600c49176d719c4c3eca1ea9a

SHA-1:

28c1c7590c73262ca2bbb54c8434ff11b935642c

SHA-256:

7dcf1e94f7e1ed9824e666f0e10bfb2c238c0fe4d2b6b84b867cf04c481f5f32

Scanner detections:

6 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/24/2024 7:40:01 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3363

Baidu Antivirus

Adware.Win64.Crossrider

4.0.3.1492

IKARUS anti.virus

PUA.Plush

t3scan.1.7.5.0

NANO AntiVirus

Riskware.Win32.AdLoad.dcxsbf

0.28.2.61942

Reason Heuristics

PUP.RobokidTechnologies.J

14.9.2.15

Sophos

AppRider

4.98

File size:

84 KB (86,040 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hdpurev9.5\uninstall.exe

Digital Signature

Signed by:

Robokid Technologies

Authority:

COMODO CA Limited

Valid from:

6/23/2014 4:00:00 AM

Valid to:

6/24/2015 3:59:59 AM

Subject:

CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata

Compilation timestamp:

7/11/2014 2:03:29 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:kP+zP2Ui8148JKG2jA/18UVcVGBmsWjcdeUtGEweUw1:/zPX48JKGEA/tUGPeVEwed1

Entry address:

0x547D

Entry point:

E8, 1E, 59, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, 3E, 41, 00, E8, 2D, 0A, 00, 00, E8, 8C, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, B1, 58, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 92, 52, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.1785

Code size:

53.5 KB (54,784 bytes)

Program Uninstaller

Program name:

HDPureV9.5

Display publisher:

HDPure

Display version:

1.34.7.1

Uninstall string:

C:\Program Files (x86)\HDPureV9.5\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.