home

uninstall.exe

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by Naruto Source has been detected as adware by 32 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program iWebar by iWebar. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Naruto Source  (signed and verified)

MD5:
d171cb74d78710a0070fe50e88f35dd8

SHA-1:
3c544684fb7475228eccbef22831d83f2a9f778c

SHA-256:
ffd8c53bf61894da5dfdfdc9a34914b6f829efae49c3e114b3bb30b004f1eea5

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars. Distributed through the Brightcircle investments brand.

Analysis date:
4/18/2024 10:35:46 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PDC
618

AhnLab V3 Security
PUP/Win32.CrossRider
2015.03.30

Avira AntiVirus
ADWARE/CrossRider.pq
3.6.1.96

avast!
Win32:Malware-gen
2014.9-150527

AVG
Generic
2016.0.3096

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15527

Bitdefender
Adware.Agent.PDC
1.0.20.735

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.InstallCore.GIFI
21579

Dr.Web
Trojan.Crossrider.29967
9.0.1.0147

Emsisoft Anti-Malware
Adware.Agent.PDC
8.15.05.27.11

ESET NOD32
Win32/Toolbar.CrossRider.AW potentially unwanted (variant)
9.11393

F-Prot
W32/S-ac71d174
v6.4.7.1.166

F-Secure
Adware.Agent.PDC
11.2015-27-05_4

G Data
Adware.Agent.PDC
15.5.25

IKARUS anti.virus
Trojan.GoogUpdate
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.202.15417

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
14.0.0.1975

McAfee
Artemis!D171CB74D787
5600.6752

MicroWorld eScan
Adware.Agent.PDC
16.0.0.441

NANO AntiVirus
Riskware.Win32.Crossrider.dgmdnp
0.30.8.659

nProtect
Adware.Agent.PDC
15.03.27.01

Panda Antivirus
Trj/Genetic.gen
15.05.27.11

Quick Heal
AdWare.NSIS.r4 (Not a Virus)
5.15.14.00

Reason Heuristics
PUP.Brightcircle.NarutoSource
15.5.27.19

Rising Antivirus
PE:Malware.Adload!6.1D9D
23.00.65.15525

Sophos
AppRider
4.98

Trend Micro House Call
TROJ_GEN.R0C1C0EBO15
7.2.147

Trend Micro
TROJ_GEN.R0C1C0EBO15
10.465.27

Vba32 AntiVirus
AdWare.Adwapper
3.12.26.3

VIPRE Antivirus
Adware.Crossid
38866

Zillya! Antivirus
Trojan.GoogUpdate.Win32.615
2.0.0.2120

File size:
86.9 KB (88,936 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\iwebar\uninstall.exe

Digital Signature
Signed by:
Naruto Source

Authority:
COMODO CA Limited

Valid from:
7/27/2014 8:00:00 PM

Valid to:
7/28/2015 7:59:59 PM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
8/19/2014 6:11:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:7TZ7U/pH5eEUrdVqe3swkh6cFMYsWjcdc3NhiGzA:HZ7IH5eEEzITNI8Nhin

Entry address:
0x50DE

Entry point:
E8, 6D, 5B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 3E, 41, 00, E8, 2C, 0A, 00, 00, E8, 4A, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, 00, 5B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E1, 54, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.2591

Code size:
53 KB (54,272 bytes)

Program Uninstaller
Program name:
iWebar

Display publisher:
iWebar

Display version:
1.34.8.12

Uninstall string:
C:\Program Files (x86)\iWebar\Uninstall.exe /fcp=1


Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.