uninstall.exe

gb-installer-core

The application uninstall.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program RocketTab by RocketTab. Additionally, the file is typically installed by a number of programs including Rockettab by Rich River Media, LLC and RocketTab: by Adknowledge, Inc., both potentially unwanted software.
Product:
gb-installer-core

Version:
1.0.5654.17497

MD5:
5972ea36959b179083a59d43d50c03d5

SHA-1:
46dad347a1949ff4a11d1425e4a80dd62f6ca619

SHA-256:
a0ad378173b3c84ada0ce205aaa990baa6e458e36acc2da4a46b74dca2de1a3e

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:56:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Barys.16384 | 8.3.1.6 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150722 |
| AVG | Generic6 | 2016.0.3041 |
| IKARUS anti.virus | Trojan.Barys | t3scan.1.9.5.0 |
| McAfee | Artemis!5972EA36959B | 5600.6697 |
| Reason Heuristics | PUP.Win.Reputation | 15.7.17.15 |

File size:
12.5 KB (12,800 bytes)

Product version:
1.0.5654.17497

Copyright:
Copyright © 2015

Original file name:
gb-installer-core.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\uninstall.exe

File PE Metadata
Compilation timestamp:
6/25/2015 4:43:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:gbaJm+RjivdO8yQIjbjP8+bhnDkJxRszYcHeYI9:nJmGevbfWbjkeDkJxCzYcHeYI9

Entry address:
0x3C9E

Entropy:
5.2517

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.5 KB (7,680 bytes)

Program Uninstaller
Program name:
RocketTab

Display publisher:
RocketTab

Display version:
2.0

Uninstall string:
"C:\Program Files\Search Extensions\uninstall.exe" /u=true /UserID=3aee0d40-ab5e-44ed-8314-a6e96ce5960e /SourceID=browsersafeguard-rockettab-tightrope-ROW /ImplementationID=browsersafeguard-rockettab-


The file uninstall.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are injected either in white-space areas of the HTML page or over existing ads of the underlying web site.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service is able to include various ads in the HTML of the displayed web page.
rockettab.com
88% remove it
RocketTab:  by Adknowledge, Inc.
RocketTab is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text-links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
www.adknowledge.com
87% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

