» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (1)

uninstall.exe

Proxy Video Downloader

Link64 GmbH

The application uninstall.exe, “Updater [ProxyVideoDownloader]” by Link64 GmbH has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program VideoDownloaderUltimate by Link64. This file is typically installed with the program VideoDownloaderUltimate by Link64. The file has been seen being downloaded from videodownloaderultimate.com.

File name:

uninstall.exe

Publisher:

Link64 GmbH (signed and verified)

Product:

Proxy Video Downloader

Description:

Updater [ProxyVideoDownloader]

Version:

1.0.1.35

MD5:

63673bc6324fc9a28eb469b9f1295ba0

SHA-1:

28d5b120e3693c13ec0c39629c0bb4dd948da569

SHA-256:

e0c2b3a9705ed6e0415663d1adbbce1c12909f13b91eb1a10c9d326c4a8d4b4f

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 2:00:23 PM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

Gen.Trojan.Heur

t3scan.1.6.1.0

Qihoo 360 Security

Malware.QVM06.Gen

1.0.0.1015

Reason Heuristics

PUP.Link64GmbH

15.2.16.5

File size:

1.5 MB (1,611,384 bytes)

Product version:

1.0.1.35

Original file name:

ProxyVideoDownloader_Install.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\application data\videodownloaderultimatewinapp\uninstall.exe

Digital Signature

Signed by:

Link64 GmbH

Authority:

Thawte, Inc.

Valid from:

2/19/2013 7:00:00 PM

Valid to:

3/22/2015 7:59:59 PM

Subject:

CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

70B8C92A22236AF8064642CFE2790458

File PE Metadata

Compilation timestamp:

2/3/2015 5:52:05 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:lvVT9qv8QtSkmNHAy97UR2WCesZQQpTPrDQKtJzeTU3k9Yqljo:lvVT9qv8Q8nNP97U9wZxPrVn6U09Yt

Entry address:

0x6389

Entry point:

E8, F7, 60, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, A4, E8, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, C9, 35, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B6, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A7, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, A0, 00, 00, 00, 8B, 45, E8... 
[+]

Entropy:

7.8466 (probably packed)

Code size:

180 KB (184,320 bytes)

Program Uninstaller

Program name:

VideoDownloaderUltimate

Display publisher:

Link64

Display version:

1.0.1.35

Uninstall string:

C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe

The file uninstall.exe has been discovered within the following programs.

VideoDownloaderUltimate by Link64

52% remove it

The file uninstall.exe has been seen being distributed by the following URL.

https://videodownloaderultimate.com/.../VideoDownloaderUltimate_winapp_installer.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.