uninstall.exe

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application uninstall.exe by CoolMirage has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program GoPhoto.it V9.0 by installdaddy. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities.
Publisher:
CoolMirage Ltd.  (signed and verified)

MD5:
675b4aa5bd59ea43b94ea639768cae7d

SHA-1:
2a7a592e524cc0e0a6945ade4bc4c3750f9a3868

SHA-256:
25ea1b7ca88d68fd9c230aec3c142aa0166c3e5d3d43e585b6ee5027bd7621c0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/26/2024 3:01:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CoolMirage (M)

Engine version:
16.2.15.6

File size:
81.4 KB (83,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gophoto.it v9.0\uninstall.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 8:00:00 AM

Valid to:
6/7/2014 7:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/3/2014 6:02:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:7PkBm1iz7ElEIA72aNlwk+ncGbsWjcdEPxQ:7mh0VaNAfkEPxQ

Entry address:
0x3962

Entry point:
E8, CA, 61, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 30, 2B, 41, 00, E8, 88, 63, 00, 00, E8, 66, 28, 00, 00, 0F, B7, F0, 6A, 02, E8, 5D, 61, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3E, 5B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.2481

Code size:
50 KB (51,200 bytes)

Program Uninstaller
Program name:
GoPhoto.it V9.0

Display publisher:
installdaddy

Display version:
1.34.5.29

Uninstall string:
C:\Program Files (x86)\GoPhoto.it V9.0\Uninstall.exe /fcp=1

