uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions.
MD5: 073301e27f5b8c4db84c4700a53e92b8

SHA-1: 57c2e552c8a6f75e42a3870965ac41d5ced1fe23

SHA-256: 405608d7b68210ca4e122bc1e1c98198c115c19123369215a0f1b2bb6b87c5d6

Scanner detections: 19 / 68

Status: Potentially unwanted

Explanation: Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date: 4/19/2024 6:56:28 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen6 | 8.3.1.6 |
| AVG | Adware InstallCore.BG | 2014.0.4311 |
| Clam AntiVirus | Win.Adware.453613 | 0.98/20518 |
| Comodo Security | Application.Win32.ClickRun.A | 22258 |
| Dr.Web | Adware.InstallCore.53 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.AG potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/InstallCore.V.gen | 4.6.5.141 |
| K7 AntiVirus | Unwanted-Program | 13.204.16062 |
| NANO AntiVirus | Trojan.Win32.InstallCore.cquvfb | 0.30.24.1636 |
| Norman | Adware.Generic.453613 | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.05.28.05 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.28.17 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15526 |
| Sophos | PUA 'Install Core Click run software' | 5.14 |
| SUPERAntiSpyware | Adware.InstallCore | 9848 |
| Trend Micro House Call | HV_INSTALLCORE_BK08407C.TOMC | 7.2.148 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 40552 |

File size: 1.1 MB (1,144,592 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\uninstall.exe

File PE Metadata

Compilation timestamp: 6/20/1992 12:22:17 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 24576:GdfNEVHAW0jG/qt3LPU9zJWTc8EK4aJ6dzXn+JYDjN+BET:4lEVwJLM9zJWTc8EK6xXz

Entry address: 0xCE330

Entry point: 55, 8B, EC, 83, C4, F0, B8, A0, 1E, 40, 00, E8, F2, F5, FF, FF, 00, 8B, C0, FF, 25, 50, 51, 47, 00, 8B, C0, FF, 25, 4C, 51, 47, 00, 8B, C0, FF, 25, DC, 51, 47, 00, 8B, C0, FF, 25, D8, 51, 47, 00, 8B, C0, FF, 25, D4, 51, 47, 00, 8B, C0, FF, 25, 48, 51, 47, 00, 8B, C0, FF, 25, 44, 51, 47, 00, 8B, C0, FF, 25, EC, 51, 47, 00, 8B, C0, FF, 25, E8, 51, 47, 00, 8B, C0, FF, 25, E4, 51, 47, 00, 8B, C0, FF, 25, 40, 51, 47, 00, 8B, C0, FF, 25, 3C, 51, 47, 00, 8B, C0, FF, 25, 38, 51, 47, 00, 8B, C0, 53, 83, C4, BC, BB...

Developed / compiled with: Microsoft Visual C++

Code size: 841 KB (861,184 bytes)
