» uninstall.exe
Overview
Analysis
File Details

uninstall.exe

Install Core

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe by Install Core has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

Publisher:

Install Core (signed and verified)

MD5:

2251d3a50d5308169ddb6b80b9c9a2e4

SHA-1:

5817d4f7156ffdd4200e6c109b6a9a26aa2c386d

SHA-256:

c27b14a1f1ea2fe23e3414e3f1342cc5df5727837f3f90ba3af8602925fc64fb

Scanner detections:

29 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/19/2024 5:41:17 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.31780

6489932

Agnitum Outpost

PUA.InstallCore

7.1.1

AhnLab V3 Security

Adware/Win32.InstallCore

2015.01.31

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.206.0

avast!

Win32:InstallCore-F [PUP]

150101-1

Bitdefender

Gen:Variant.Adware.Graftor.31780

1.0.20.150

Clam AntiVirus

W32.Adware.InstallCore-2

0.98/20000

Comodo Security

ApplicUnwnt.Win32.AdWare.InstallCore.0

20900

Dr.Web

Adware.InstallCore.20

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.31780

9.0.0.4799

ESET NOD32

Win32/InstallCore.F potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/InstallCore

1/30/2015

F-Prot

W32/InstallCore.A.gen

4.6.5.141

F-Secure

Gen:Variant.Adware.Graftor.31780

5.13.68

G Data

Gen:Variant.Adware.Graftor.31780

15.1.25

K7 AntiVirus

Trojan

13.193.14814

Malwarebytes

Adware.Agent

v2015.01.30.11

MicroWorld eScan

Gen:Variant.Adware.Graftor.31780

16.0.0.90

NANO AntiVirus

Riskware.Win32.InstallCore.nrfge

0.30.0.65070

Norman

Gen:Variant.Application.InstallCore.1

03.12.2014 13:20:04

nProtect

Trojan-Clicker/W32.InstallCore.562184

15.01.30.01

Reason Heuristics

PUP.ironSource

15.1.30.11

Rising Antivirus

PE:AdWare.Win32.InstallCore.b!1075350581

23.00.65.15128

Sophos

PUA 'Install Core Installer'

5.10

SUPERAntiSpyware

Adware.InstallCore

10084

Trend Micro House Call

ADW_INSTALLCORE_00000b0.TOMA

7.2.30

Vba32 AntiVirus

BScope.Malware-Cryptor.Sinba.B

3.12.26.3

VIPRE Antivirus

Threat.4786018

36666

Zillya! Antivirus

Backdoor.PePatch.Win32.37916

2.0.0.2049

File size:

549 KB (562,184 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Common path:

C:\Program Files\foxtabmusicconverter\uninstall\uninstall.exe

Digital Signature

Signed by:

Install Core

Authority:

The USERTRUST Network

Valid from:

2/2/2011 12:00:00 AM

Valid to:

2/2/2012 11:59:59 PM

Subject:

CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:+xXk7PY5sUFvE2ML3AOwFSQA/KQ8NfiI6n0dMMi1:+9N5sUF8VTA0rN8NKI6n0dMMi1

Entry address:

0x113240

Entry point:

60, BE, 00, 20, 49, 00, 8D, BE, 00, F0, F6, FF, C7, 87, 10, 47, 0C, 00, B8, AE, 6C, 0A, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.8894

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

520 KB (532,480 bytes)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.