» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Startpage24 Startpage

Link64 GmbH

The application uninstall.exe, “Updater [Startpage24_*.exe]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Startpage24 by Link64. This file is typically installed with the program Startpage24 by Link64 which is a potentially unwanted software program.

File name:

uninstall.exe

Publisher:

Link64 GmbH (signed and verified)

Product:

Startpage24 Startpage

Description:

Updater [Startpage24_*.exe]

Version:

2.0.0.710

MD5:

66f251919fab581f0c543153220df839

SHA-1:

42357e838da78e06993fcc8415baa4c2de8dc5c3

SHA-256:

36d7f8caaa179b93220af444cc135b924ac991c30cee9b5692a3a797d60e899a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/27/2024 1:47:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Link64.Installer (M)

16.2.9.16

File size:

621.1 KB (636,016 bytes)

Product version:

2.0.0.710

Original file name:

Startpage24_Install.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\startpage24\plugin\version_710\uninstall.exe

Digital Signature

Signed by:

Link64 GmbH

Authority:

Thawte, Inc.

Valid from:

2/14/2011 1:00:00 AM

Valid to:

2/13/2013 12:59:59 AM

Subject:

CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=BW, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

15F5E6DF4214F9A5312FC2CB4F217D16

File PE Metadata

Compilation timestamp:

8/2/2011 5:31:57 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:ESZGD393ysesaSELlWTrXdJOg94dZ/h+b:bm3RymaJMTrXKldZ/h+b

Entry address:

0x75BC

Entry point:

E8, 23, 71, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, E0, FE, 43, 00, E8, A2, 12, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 58, 9E, 44, 00, 03, 75, 43, 6A, 04, E8, 05, 73, 00, 00, 59, 83, 65, FC, 00, 56, E8, 73, 73, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 8F, 73, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F3, 71, 00, 00, 59, C3, 56, 6A, 00, FF, 35, D4, 80, 44, 00, FF, 15, 48, 02, 43, 00, 85, C0, 75, 16, E8, 55, 07, 00... 
[+]

Code size:

188 KB (192,512 bytes)

Program Uninstaller

Program name:

Startpage24

Display publisher:

Link64

Display version:

2.0.0.710

Uninstall string:

C:\Program Files (x86)\Startpage24\Plugin\Version_710\Uninstall.exe

The file uninstall.exe has been discovered within the following program.

Startpage24 by Link64

This adware program that plugs into the user's web browser will hijack the home and search pages.

www.startpage24.com/webpage/en

68% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.