uninstall.exe

Install Core

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe by Install Core has been detected as adware by 24 anti-malware scanners. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Install Core  (signed and verified)

MD5:
7b7bb6cd84762d4bf4fa386c80367746

SHA-1:
526dda2980aab2201007355d21106ba20e8bb61c

SHA-256:
874745ecc8ed25ae80c885174f61e0ba8be84bea84e6ce061ebcd15e1a81ccd0

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/18/2024 9:06:20 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.InstallCore | 2015.04.27 |
| avast! | Win32:InstallCore-F [PUP] | 150414-0 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.0 | 21926 |
| Dr.Web | Adware.InstallCore.14 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.F potentially unwanted (variant) | 9.11546 |
| Fortinet FortiGate | Riskware/InstallCore | 4/28/2015 |
| F-Prot | W32/InstallCore.A.gen | 4.6.5.141 |
| G Data | Win32.Adware.InstallCore.DX | 15.4.25 |
| K7 AntiVirus | Trojan | 13.203.15720 |
| Kaspersky | not-a-virus:HEUR:WebToolbar.Win32.InstallCore.12542516 | 14.0.0.2122 |
| NANO AntiVirus | Riskware.Win32.InstallCore.nybbq | 0.30.24.1357 |
| Norman | Gen:Variant.Application.InstallCore.1 | 03.12.2014 13:20:04 |
| nProtect | Trojan-Clicker/W32.InstallCore.570888 | 15.04.28.01 |
| Quick Heal | Trojan.Sisproc.A8 | 4.15.14.00 |
| Reason Heuristics | Threat.ironSource.Installer | 15.4.28.12 |
| Rising Antivirus | PE:AdWare.Win32.InstallCore.b!1075350581 | 23.00.65.15426 |
| Sophos | PUA 'Install Core Installer' | 5.13 |
| SUPERAntiSpyware | Adware.InstallCore | 9908 |
| Trend Micro House Call | TROJ_INSTALLCORE_0000056.TOMA | 7.2.118 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.B | 3.12.26.3 |
| VIPRE Antivirus | Threat.5063361 | 39676 |
| Zillya! Antivirus | Trojan.Menti.Win32.25110 | 2.0.0.2157 |

File size:
557.5 KB (570,888 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\Program Files\foxtabpdfconverter\uninstall\uninstall.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
2/1/2011 6:00:00 PM

Valid to:
2/2/2012 5:59:59 PM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:hGMK5hQ5a9gLkEUtzQqxHQi274isouxNwGZvjmWgEvEufTpZ+pMMgB:hGj5hQ5uAkEmzvH674UuxN5mpEMufTpX

Entry address:
0x119260

Entry point:
60, BE, 00, 60, 49, 00, 8D, BE, 00, B0, F6, FF, C7, 87, 10, 97, 0C, 00, 03, 72, EE, D3, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8879

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
528 KB (540,672 bytes)
