» uninstall.exe
Overview
Analysis
File Details

uninstall.exe

InstallCore Ltd.

The application uninstall.exe by InstallCore has been detected as adware by 9 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

Publisher:

InstallCore Ltd. (signed and verified)

MD5:

9d3e561cd638ded95289bdf2a27d19ef

SHA-1:

2bab3a9b4c8097b8008ae7f222eaaab5af77ccd5

SHA-256:

d08702bfb2d3b94637a9f2bb9cc752b8cf6689dbd65e9eadca707bf96d9c971c

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/23/2024 7:55:41 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

160209-2

AVG

Adware InstallCore.GG

2015.0.4477

Dr.Web

Adware.InstallCore.69, Adware.InstallCore.43

9.0.1.05190

Emsisoft Anti-Malware

Trojan.Generic.8822061

10.0.0.5366

ESET NOD32

Win32/InstallCore.R potentially unwanted application

7.0.302.0

F-Prot

W32/InstallCore.C.gen

4.6.5.141

Norman

Trojan.Generic.8822061

18.01.2016 17:20:53

Sophos

PUA 'Install Core'

5.23

VIPRE Antivirus

Threat.4786018

47030

File size:

1013.3 KB (1,037,584 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\videoconverter\uninstall\uninstall.exe

Digital Signature

Signed by:

InstallCore Ltd.

Authority:

COMODO CA Limited

Valid from:

2/21/2012 12:00:00 AM

Valid to:

2/20/2013 11:59:59 PM

Subject:

CN=InstallCore Ltd., OU=Support, O=InstallCore Ltd., STREET=Nisim Aloni 21, L=Tel Aviv, S=N/A, PostalCode=62919, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0088971791FBF6CE4920268CDF6A0A825F

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:Qq5QQQmRo1qwIuKNLk2qcie07yc5ES3HJ9NJfcTqGZ:N5qmRo1XkA2qcieAyq3HTcTqG

Entry address:

0xC1B48

Entry point:

55, 8B, EC, 83, C4, F0, B8, ED, A6, 4F, 00, E8, 21, EE, FF, FF, C9, 35, B1, A6, B7, 3C, CF, 2E, 6C, DD, A6, 82, 9D, F7, E8, D2, 73, 40, 8C, 94, 2F, 77, 5D, C3, 8D, 33, B9, 0C, D8, 43, 1E, F8, F3, C5, 5C, 64, CF, 6D, 91, C8, 0E, 94, 3D, 23, C7, 10, 1B, 91, B5, F2, 8B, E1, 39, 9F, B5, AA, FB, E6, BB, B1, 2E, 0D, 97, AF, 89, F0, 7D, C3, AD, B6, EB, 10, 84, A7, B2, 68, A9, 2C, 9A, F9, 14, 1C, 85, 5E, 83, BA, 1F, 89, 63, 1B, 83, 6D, 22, D3, 6E, 55, 43, 2E, D0, 55, 92, 3B, F0, 3F, 51, 7C, 65, 0B, 3B, 0C, 8A, 9B... 
[+]

Entropy:

6.9282

Developed / compiled with:

Microsoft Visual C++

Code size:

787 KB (805,888 bytes)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.