uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Chromium by Chromium.
MD5:
c0849e012422d70dc01b3509483531cb

SHA-1:
5dfc3c2caeb283233e348a3f2c429359e8843abd

SHA-256:
4d041bbbdcfb4ada8848b5355b5f6a5c54b6cc154058d966998bd415e52f851c

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 12:40:08 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.70838 | -36 |
| Avira AntiVirus | ADWARE/DealPly.wqotx | 8.3.3.4 |
| Arcabit | Trojan.Symmi.D114B6 | 1.0.0.798 |
| Bitdefender | Gen:Variant.Symmi.70838 | 1.0.20.355 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.70838 | 8.17.03.12.02 |
| F-Secure | Variant.Symmi.70838 | 5.16.24 |
| G Data | Gen:Variant.Symmi.70838 | 17.3.A:25.11141B:25.9063 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic | 14.0.0.-1296 |
| McAfee | Artemis!C0849E012422 | 5600.6097 |
| MicroWorld eScan | Gen:Variant.Symmi.70838 | 18.0.0.213 |
| Panda Antivirus | Trj/GdSda.A | 17.03.12.01 |
| Qihoo 360 Security | HEUR/QVM05.1.0000.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Malware.Heuristic!ET#87% (rdm+) | 23.00.65.17310 |
| Sophos | Generic PUA FN (PUA) | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H09CB17 | 7.2.71 |

File size:
665 KB (680,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\config\systemprofile\appdata\local\{4ed87884-6a70-143c-07e8-31d42380cd4c}\uninstall.exe

File PE Metadata
Compilation timestamp:
1/20/2014 4:00:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x8D7DC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 80, CD, 48, 00, E8, 50, 9B, F7, FF, A1, E0, FC, 48, 00, 8B, 00, E8, C0, 41, FD, FF, 8B, 0D, 78, FD, 48, 00, A1, E0, FC, 48, 00, 8B, 00, 8B, 15, 78, 37, 46, 00, E8, C0, 41, FD, FF, A1, E0, FC, 48, 00, 8B, 00, E8, 04, 43, FD, FF, E8, 83, 72, F7, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.8242

Developed / compiled with:
Microsoft Visual C++

Code size:
562.5 KB (576,000 bytes)

2 Program Uninstaller
Program name:
Chromium

Display publisher:
Chromium

Display version:
51.0.2683.0

Uninstall string:
"C:\Windows\system32\config\systemprofile\AppData\Local\{4ED87884-6A70-143C-07E8-31D42380CD4C}\uninstall.exe" /Uninstall /s /noun /DelSelfDir

Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{f20fc453-d6a7-a8eb-bb3f-8d039f57719b}\uninstall.exe" \uninstall \s \noun \delselfdir


Scheduled Task
Task name:
{E09F396E-1281-4400-B5F0-75E47D860800}

Trigger:
Daily (Runs daily at 8:12 PM)


The executing file has been seen to make the following network communications in live environments.

