» uninstall.exe
Overview
Analysis
File Details

uninstall.exe

ContentExplorer Uninstaller

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application uninstall.exe, “ContentExplorer Uninstall” by Lake Ventures has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.

File name:

uninstall.exe

Publisher:

ContentExplorer.net (signed by Lake Ventures LLC)

Product:

ContentExplorer Uninstaller

Description:

ContentExplorer Uninstall

Version:

1.0.0.0

MD5:

265d2684d23dc7ea25a64c97ff6205ec

SHA-1:

6c2078ca9b74ce53f22388340e9462346b8d2750

SHA-256:

48f78e291b16b72defc70b03094f024be02d4bbdf76300b30d42bd3c0f5284d9

Scanner detections:

18 / 68

Status:

Adware

Explanation:

Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 11:28:40 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.InstallBrain

2.1.4+

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

avast!

Win32:IBryte-MC [PUP]

2014.9-160215

Baidu Antivirus

Adware.Win32.iBryte

4.0.3.16215

Bkav FE

W32.HfsAdware

1.3.0.7062

Comodo Security

ApplicUnwnt

23010

Dr.Web

Trojan.iBryte.501

9.0.1.046

ESET NOD32

MSIL/Adware.iBryte.T application

10.7.0.302.0

F-Secure

Suspicious:W32/Malware.42127319c2!Online

11.2016-15-02_2

G Data

Win32.Application.Agent.60OZMS

16.2.25

IKARUS anti.virus

PUA.Downloader

t3scan.1.7.8.0

NANO AntiVirus

Riskware.Win32.BPlug.djpkri

0.30.0.65070

Panda Antivirus

Generic Suspicious

16.02.15.02

Quick Heal

PUA.Lakeventur.Gen

2.16.14.00

Reason Heuristics

PUP.Adknowledge.LakeVentures.Bundler (M)

16.2.15.14

Sophos

Generic PUA EC

4.98

Trend Micro House Call

Suspicious_GEN.F47V0129

7.2.46

VIPRE Antivirus

Threat.5064620

42326

File size:

127.7 KB (130,800 bytes)

Product version:

1.0.0.0

Original file name:

uninstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\contentexplorer\uninstall.exe

Digital Signature

Signed by:

Lake Ventures LLC

Authority:

GoDaddy.com, Inc.

Valid from:

12/17/2013 4:22:44 PM

Valid to:

12/17/2014 4:22:44 PM

Subject:

CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B14BBCA37F140

File PE Metadata

Compilation timestamp:

11/8/2014 8:00:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:s4URTRrZIlmMTdc9lLDf8M6EeFvS614yMtgRf8btZ+KtIxzoiVhTgV9YUW/to1N7:GrKlcLBKFvS6eyMaf8buKqoscVV4NFyB

Entry address:

0x1E50A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5570

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

113.5 KB (116,224 bytes)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.