» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

YourFileDownloader Installer

Romir Production Inc

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application uninstall.exe by Romir Production Inc has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. This is the uninstaller utility registered in the Windows Control Panel for the program Update Service YourFileDownloader by http://www.yourfile-downloader.com.com. This file is typically installed with the program Update Service YourFileDownloader by http://www.yourfile-downloader.com.com which is a potentially unwanted software program. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

uninstall.exe

Publisher:

http://yourfile-downloader.com (signed by Romir Production Inc)

Product:

YourFileDownloader Installer

Version:

1, 0, 465, 1

MD5:

85cfa810e6fd502b751f881f776a23ee

SHA-1:

614eb60cad6c3134edbbd5aeb3bf289d8bcbe38d

SHA-256:

8079b38607a9e03240ab08f5839d1ce888dd6dd791c98505152c6e4f6b5ccb81

Scanner detections:

20 / 68

Status:

Potentially unwanted

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/25/2024 3:13:10 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.24

741

Agnitum Outpost

PUA.Downware

7.1.1

AhnLab V3 Security

PUP/Win32.Downware

2014.10.21

Avira AntiVirus

APPL/Downloader.Gen4

7.11.186.146

avast!

Win32:Adware-gen [Adw]

2014.9-150125

AVG

Generic

2016.0.3219

Bitdefender

Gen:Variant.Application.Bundler.24

1.0.20.125

Dr.Web

Adware.Downware.9213

9.0.1.025

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.24

8.15.01.25.01

ESET NOD32

Win32/ExpressDownloader.K potentially unwanted application

7.0.302.0

F-Prot

W32/A-a2175f9d

v6.4.7.1.166

F-Secure

Gen:Variant.Application.Bundler

11.2015-25-01_1

G Data

Gen:Variant.Application.Bundler.24

15.1.24

IKARUS anti.virus

PUA.Expressdownloader

t3scan.1.8.3.0

K7 AntiVirus

Unwanted-Program

13.188.14380

Malwarebytes

PUP.Optional.Downloader

v2015.01.25.01

MicroWorld eScan

Gen:Variant.Application.Bundler.24

16.0.0.75

Reason Heuristics

Adware.Installer.Via Advertising

15.1.25.1

Sophos

PUA 'Go For Files'

5.09

VIPRE Antivirus

Threat.4783941

33706

File size:

3.7 MB (3,832,328 bytes)

Product version:

1.0.0.1

Original file name:

YourFileDownloaderInstaller.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

YourFile Downloader

Language:

English

Common path:

C:\Program Files\yourfiledownloader\uninstall.exe

Digital Signature

Signed by:

Romir Production Inc

Authority:

DigiCert Inc

Valid from:

11/27/2013 8:00:00 AM

Valid to:

12/1/2016 8:00:00 PM

Subject:

CN=Romir Production Inc, O=Romir Production Inc, L=Mahe, C=SC

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0E42162AE2595C541F88BCA20E8603DB

File PE Metadata

Compilation timestamp:

12/16/2014 11:55:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:r14Hu2UEk7C+SF3l7nHVrfESm3IyshszX6I263w6a:rignu+SpFHVwSm4qz263K

Entry address:

0x71F033

Entry point:

60, 68, 2B, D6, 49, 6F, C7, 44, 24, 20, CF, A0, A3, 7E, 60, 68, 9E, 68, 58, 75, C7, 44, 24, 40, 5D, AA, 5F, 8D, 68, 36, EC, 84, CE, 8D, 64, 24, 44, E9, FE, 2D, 01, 00, 66, 87, 03, 0F, 8B, 18, 03, 00, 00, 60, C7, 44, 24, 1C, A8, 99, A3, 7E, E8, 8F, 13, 00, 00, 01, F3, EA, 36, 27, D5, 48, 99, 00, 61, 0B, E3, F5, CC, B7, DD, D0, FC, D5, E2, 0F, 90, 41, 1E, 33, 68, 39, 3E, 4F, B9, 84, C1, F1, 2C, 19, 58, 33, 43, 6E, F7, 17, 4D, 54, 79, CB, A6, AD, 94, 5F, 7E, AA, 53, 50, C3, 3A, 2F, 98, E9, E7, 28, 20, 3C, 7E... 
[+]

Entropy:

7.9004 (probably packed)

Code size:

785 KB (803,840 bytes)

Program Uninstaller

Program name:

Update Service YourFileDownloader

Display publisher:

http://www.yourfile-downloader.com.com

Display version:

2.14.51

Uninstall string:

"C:\Program Files (x86)\YourFileDownloaderUpdater\Uninstall.exe"

The file uninstall.exe has been discovered within the following program.

Update Service YourFileDownloader by http://www.yourfile-downloader.com.com

This adware (AKA WinCheck, CMI, ConvertAd) is an ad Injector that is typically bundled with unwanted software offers.

www.yourfile-downloader.com.com

87% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.