» uninstall.exe
Overview
Analysis
File Details

uninstall.exe

PDF Creator

Install Core

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe, “PDF Creator Installer” by Install Core has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.

File name:

uninstall.exe

Publisher:

PDF Creator Technologies (signed by Install Core)

Product:

PDF Creator

Description:

PDF Creator Installer

Version:

3.1.0.0

MD5:

04b2ee2c7c00a217e7b46511226ced91

SHA-1:

34aa4a843222ca915eba57083f2110ddcfea58f3

SHA-256:

f2db5d597abad720cd5cea63f5827dadc73c28c9512a91f15d8d3f85e702b3de

Scanner detections:

32 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 3:00:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.31222

354

Agnitum Outpost

Adware.Adware

7.1.1

AhnLab V3 Security

PUP/Win32.InstallCore

2014.11.07

Avira AntiVirus

ADWARE/Adware.Gen

7.11.30.172

avast!

Win32:InstallCore-F [PUP]

2014.9-160215

Bitdefender

Gen:Variant.Adware.Graftor.31222

1.0.20.230

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

W32.Adware.InstallCore-2

0.98/19741

Comodo Security

ApplicUnwnt.Win32.AdWare.InstallCore.0

18068

Dr.Web

Adware.InstallCore.14

9.0.1.046

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.31222

8.16.02.15.07

ESET NOD32

Win32/InstallCore.E potentially unwanted application

10.7.0.302.0

Fortinet FortiGate

Riskware/InstallCore

2/15/2016

F-Prot

W32/Agent.MC.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Graftor.31222

11.2016-15-02_2

G Data

Gen:Variant.Adware.Graftor.31222

16.2.24

IKARUS anti.virus

Virus.Win32.Heur

t3scan.1.8.3.0

K7 AntiVirus

Trojan

13.176.11684

Malwarebytes

Adware.Agent

v2016.02.15.07

MicroWorld eScan

Gen:Variant.Adware.Graftor.31222

17.0.0.138

NANO AntiVirus

Riskware.Win32.InstallCore.nrftm

0.28.0.59048

nProtect

Trojan-Clicker/W32.Agent.563720

14.04.07.01

Qihoo 360 Security

Malware.QVM11.Gen

1.0.0.1015

Reason Heuristics

PUP.installCore.PDFCreatorTechnologies.Installer (M)

16.2.15.19

Rising Antivirus

PE:PUF.InstallCore!1.9DE1

23.00.65.16213

Sophos

PUA 'Install Core Installer'

5.14

SUPERAntiSpyware

Trojan.Agent/Gen-Menti

9321

Trend Micro House Call

HV_INSTALLCORE_CA2336AC.TOMC

7.2.46

Trend Micro

HT_INSTALLCORE_BL21032E.TOMC

10.465.15

Vba32 AntiVirus

BScope.Malware-Cryptor.Sinba.A

3.12.26.3

VIPRE Antivirus

Threat.4150696

34232

Zillya! Antivirus

Trojan.Genome.Win32.201126

2.0.0.1976

File size:

538 KB (550,920 bytes)

Product version:

3.1.0.0

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\uninstall.exe

Digital Signature

Signed by:

Install Core

Authority:

The USERTRUST Network

Valid from:

2/1/2011 6:00:00 PM

Valid to:

2/2/2012 5:59:59 PM

Subject:

CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:qKViCKF/zV7/6imRO30ywotkrggTyKWazv7eAMM90:qyiCiwiV30yF2rgsRzv7vMM90

Entry address:

0x10BB40

Entry point:

60, BE, 00, E0, 48, 00, 8D, BE, 00, 30, F7, FF, C7, 87, 10, E7, 0B, 00, B5, 48, 2A, 28, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.8775

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

504 KB (516,096 bytes)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.