» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by Naruto Source has been detected as adware by 37 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program TheTorntv V10 by esc. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

uninstall.exe

Publisher:

Naruto Source (signed and verified)

MD5:

35ffba3aec00511d2f16d5bd2bafff6d

SHA-1:

6c0e0a4a92b4ab60a0459576c0338d9ca0256856

SHA-256:

f28508934335190193210b460baa0ff832c84297e21d2d320ab110f8131574cf

Scanner detections:

37 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/26/2024 2:48:39 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.PDC

5694297

Agnitum Outpost

PUA.Adwapper

7.1.1

AhnLab V3 Security

PUP/Win32.CrossRider

2015.11.24

Avira AntiVirus

TR/Crypt.ZPACK.Gen2

7.11.30.172

Arcabit

Adware.Agent.PDC

1.0.0.624

avast!

Win32:Crossrider-AA [PUP]

151024-0

AVG

Stampede

2015.0.3335

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.14101

Bitdefender

Adware.Agent.PDC

1.0.20.1665

Bkav FE

W32.HfsAdware

1.3.0.7383

Comodo Security

Application.Win32.InstallCore.GIFI

23648

Dr.Web

Trojan.Crossrider1.23719

9.0.1.05190

Emsisoft Anti-Malware

Adware.Agent.PDC

10.0.0.5366

ESET NOD32

Win32/Toolbar.CrossRider.AW potentially unwanted application

7.0.302.0

F-Prot

W32/S-ac71d174

v6.4.7.1.166

F-Secure

Adware.Agent.PDC

5.15.21

G Data

Win32.Adware.Crossrider

14.10.24

IKARUS anti.virus

PUA.Plush

t3scan.1.7.5.0

K7 AntiVirus

Adware

13.183.13305

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.562

Malwarebytes

PUP.Optional.InstallCore

v2015.11.29.04

McAfee

Program.Artemis!35FFBA3AEC00

18.0.204.0

MicroWorld eScan

Adware.Agent.PDC

16.0.0.999

NANO AntiVirus

Riskware.Win32.Crossrider.dgpaao

0.30.26.4751

Norman

Adware.Agent.PDC

07.10.2015 03:16:12

nProtect

Adware.Agent.PDC

15.11.24.01

Panda Antivirus

Trj/Chgt.E

14.10.01.12

Qihoo 360 Security

Win32/Virus.Adware.960

1.0.0.1015

Quick Heal

PUA.Narutosour.Gen

11.15.14.00

Reason Heuristics

PUP.NarutoSource.J

14.9.1.21

Rising Antivirus

PE:Malware.CrossRider!6.2641 [F]

23.00.65.151127

Sophos

PUA 'AppRider' (of type Adware)

5.20

SUPERAntiSpyware

PUP.CrossRider/Variant

9478

Trend Micro

TROJ_GEN.R047C0EH215

10.465.29

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.4

VIPRE Antivirus

Threat.5085899

45208

Zillya! Antivirus

Adware.Adwapper.Win32.136

2.0.0.2527

File size:

102.4 KB (104,808 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\thetorntv v10\uninstall.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/28/2014 3:00:00 AM

Valid to:

7/29/2015 2:59:59 AM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

9/1/2014 3:59:47 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:eWrEVJsXq9IK1JkrupkwYrrkSZvfsTrd0hKvo2c+thsWjcdHKMa4LR:flXq9IK1OupjcDnmttOHKMa4l

Entry address:

0x5605

Entry point:

E8, 38, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 6F, 41, 00, E8, 25, 0A, 00, 00, E8, 59, 32, 00, 00, 0F, B7, F0, 6A, 02, E8, CB, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AC, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4088

Code size:

67.5 KB (69,120 bytes)

Program Uninstaller

Program name:

TheTorntv V10

Display publisher:

esc

Display version:

1.34.8.12

Uninstall string:

C:\Program Files (x86)\TheTorntv V10\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.