» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Goobzo LTD

The application uninstall.exe by Goobzo has been detected as adware by 26 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Object Browser by Object Browser. This file is typically installed with the program Object Browser which is a potentially unwanted software program. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

Publisher:

Goobzo LTD (signed and verified)

MD5:

fd18f9c337f683b80aa22521db519002

SHA-1:

379b5fd16d20a1907784edef01261f7cc7ba8377

SHA-256:

9b7c092ceaeb0ec1bc1568f5259b1b450cc610a7dea346ea6b8498c79ee10375

Scanner detections:

26 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/23/2024 9:10:26 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.gqX@lafed5ni

5742874

AhnLab V3 Security

PUP/Win32.CrossRider

2015.10.07

Avira AntiVirus

TR/Crypt.ZPACK.Gen2

7.11.30.172

Arcabit

PUP.Adware.Goobzo.ecm

1.0.0.576

avast!

Win32:Adware-CDO [PUP]

151004-0

AVG

Crossrider

2016.0.2964

Bitdefender

Gen:Application.Heur.gqX@lafed5ni

1.0.20.1400

Comodo Security

Application.Win32.InstallCore.GIFI

23366

Dr.Web

Adware.Searcher.2804, Trojan.Crossrider.29967

9.0.1.05190

Emsisoft Anti-Malware

Gen:Application.Heur.gqX@lafed5ni

10.0.0.5366

ESET NOD32

Win32/Toolbar.CrossRider.AW potentially unwanted application

7.0.302.0

F-Secure

Riskware.Gen:Application.Heur.gqX@lafed5ni

5.14.151

G Data

Gen:Application.Heur.gqX@lafed5ni

15.10.25

K7 AntiVirus

Unwanted-Program

13.210.17446

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

15.0.0.562

McAfee

Artemis!FD18F9C337F6

5600.6620

MicroWorld eScan

Gen:Application.Heur.gqX@lafed5ni

16.0.0.840

NANO AntiVirus

Trojan.Win32.GoogUpdate.deecyw

0.30.26.3947

Norman

Gen:Application.Heur.gqX@lafed5ni

03.12.2014 13:20:04

Panda Antivirus

Adware/Goobzo

15.10.07.05

Quick Heal

PUA.Goobzoltd.Gen

10.15.14.00

Reason Heuristics

PUP.Goobzo.J

14.8.22.15

Rising Antivirus

PE:Malware.CrossRider!6.2641[F1]

23.00.65.151005

Sophos

PUA 'Goobzo' (of type Adware)

5.19

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.4

VIPRE Antivirus

Threat.4792716

43798

File size:

99.9 KB (102,256 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\object browser\uninstall.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/1/2013 8:00:00 PM

Valid to:

5/2/2015 7:59:59 PM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

8/16/2014 6:04:15 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:eA59q0W/U6E/DsLkU6Svf/Trr0BJ1ICclwA9sWjcdfCU8qIF:jY0WcxQJnAWFwBfCU8qIF

Entry address:

0x5055

Entry point:

E8, 38, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 6E, 41, 00, E8, 25, 0A, 00, 00, E8, 43, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, CB, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AC, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3785

Code size:

65.5 KB (67,072 bytes)

Program Uninstaller

Program name:

Object Browser

Display publisher:

Object Browser

Display version:

1.34.8.12

Uninstall string:

C:\Program Files (x86)\Object Browser\Uninstall.exe /fcp=1

The file uninstall.exe has been discovered within the following program.

Object Browser by Object Browser

Object Browser is an adware style application that runs in the web browser as a toolbar and web extension.

66% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.