uninstall.exe

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyperlinks, inline text and transitional ads. The application uninstall.exe by Sailor Project has been detected as adware by 22 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.

Publisher:
Sailor Project  (signed and verified)

MD5:
538aa7ce08082d5a894fb1bec01f6c16

SHA-1:
53da38dc5d4eba9bf2c0e37cb673f5fe21f91277

SHA-256:
59d8a3f34f92f9b0b414f06dc13bb8710c9c5090dc98c81e773cf67cdb7150e3

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/18/2024 12:59:47 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.gqX@luG4Cpai | 6266345 |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.03.31 |
| avast! | Win32:PUP-gen [PUP] | 150319-1 |
| AVG | Generic | 2016.0.3154 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15331 |
| Bitdefender | Gen:Application.Heur.gqX@luG4Cpai | 1.0.20.450 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 21595 |
| Dr.Web | Trojan.Crossrider.27207 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Heur.gqX@luG4Cpai | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AW potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.gqX@luG4Cpai | 5.13.68 |
| G Data | Gen:Application.Heur.gqX@luG4Cpai | 15.3.25 |
| IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15432 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 15.0.0.543 |
| MicroWorld eScan | Gen:Application.Heur.gqX@luG4Cpai | 16.0.0.270 |
| NANO AntiVirus | Trojan.Win32.Crossrider.dllgwh | 0.30.8.659 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.31.03 |
| Reason Heuristics | PUP.Brightcircle | 15.3.31.3 |
| Rising Antivirus | PE:Malware.Adload!6.1D9D | 23.00.65.15329 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
104.4 KB (106,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\browsers app\uninstall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 5:30:00 AM

Valid to:
7/19/2015 5:29:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/25/2014 3:33:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:rn+kfl7zQly6S/sYmSM9p0YPmeatcVnrcpsWjcdkqBLb8IX:Ck9Ilyj1MrakdkyLb8+

Entry address:
0x5D82

Entry point:
E8, 3B, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 80, 41, 00, E8, 28, 0A, 00, 00, E8, 46, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, CE, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AF, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.3802

Code size:
70 KB (71,680 bytes)
