uninstall.exe

Video Converter

Video Converter T

The application uninstall.exe, “Video Converter Installer”, has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from apps.foxtab.com. While running, it connects to the Internet address 92b91b35.rdns.100tb.com on port 80 using the HTTP protocol.
Publisher:
Video Converter T

Product:
Video Converter

Description:
Video Converter Installer

Version:
3.1.0.0

MD5:
63c75bc0bb3ec38644209e49184a088f

SHA-1:
30a065e160d220746c968f542da80395ed66b963

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 11:27:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.182.78 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-141218 |
| AVG | Generic4 | 2015.0.3256 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.141218 |
| Comodo Security | Heur.Suspicious | 19940 |
| Dr.Web | Trojan.DownLoader3.33126 | 9.0.1.0352 |
| ESET NOD32 | Win32/InstallCore (variant) | 8.10642 |
| F-Prot | W32/InstallCore.I.gen | v6.4.7.1.166 |
| Malwarebytes | Adware.InstallCore | v2014.12.18.10 |
| McAfee | GenericTRA-AC!63C75BC0BB3E | 5600.6912 |
| NANO AntiVirus | Trojan.Win32.Download.cjwqt | 0.28.6.62995 |
| Qihoo 360 Security | Win32/Trojan.e45 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.152DAA2E!355314222 | 23.00.65.141216 |
| Sophos | Install Core Installer | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34360 |

File size:
461.5 KB (472,576 bytes)

Product version:
3.1.0.0

Copyright:
Copyright © InstallCore

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\foxtabvideoconverter\uninstall\uninstall.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:K9/SUN8RyY32VJJZAXOT1UH//Qkb2hwrbd/MMH:2TdY32kepUFjrh/MMH

Entry address:
0x104610

Entry point:
60, BE, 00, F0, 49, 00, 8D, BE, 00, 20, F6, FF, C7, 87, 10, 27, 0B, 00, B8, 08, 11, 54, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
408 KB (417,792 bytes)

The file uninstall.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.151:80)

TCP (HTTP):
Connects to ec2-54-229-133-176.eu-west-1.compute.amazonaws.com  (54.229.133.176:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com  (146.185.27.53:80)
