uninstall.exe

Installer

Ignore Idea Inc. LLC

The application uninstall.exe by Ignore Idea has been detected as a potentially unwanted program by 26 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program SimpleFiles by https://www.www.simples-files.com. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
New Monte Inc  (signed by Ignore Idea Inc. LLC)

Product:
Installer

Version:
1, 0, 1059, 1

MD5:
fd5532ec21a9cbea69b51087c2dc08dd

SHA-1:
6e71923079d288a5e1a7c20df4a4b2e52284feeb

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 11:08:34 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.61 | 354 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Installer | 2015.12.09 |
| Avira AntiVirus | PUA/EDownloader.Gen4 | 8.3.2.4 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160215 |
| AVG | Adware Generic_r | 2017.0.2832 |
| Bitdefender | Gen:Variant.Application.Bundler.61 | 1.0.20.230 |
| Bkav FE | HW32.Packed | 1.3.0.7383 |
| Clam AntiVirus | Win.Trojan.Agent-951332 | 0.98/21136 |
| Comodo Security | Application.Win32.EDownload.WC | 23690 |
| Dr.Web | Adware.Downware.13160 | 9.0.1.046 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.61 | 8.16.02.15.07 |
| ESET NOD32 | Win32/ExpressDownloader.S potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/Amonetize.AT.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.707065 | 11.2016-15-02_2 |
| G Data | Gen:Variant.Application.Bundler.61 | 16.2.25 |
| K7 AntiVirus | Adware | 13.212.18027 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.61 | 17.0.0.138 |
| NANO AntiVirus | Riskware.Win32.Downware.dyhbgs | 1.0.10.5081 |
| Norman | Gen:Variant.Application.Bundler.61 | 11.20160215 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.15.07 |
| Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.ViaAdvertising.IgnoreIdea.Installer (M) | 16.2.15.19 |
| Rising Antivirus | PE:Trojan.ExpressDownloader!1.A207 [F] | 23.00.65.16213 |
| VIPRE Antivirus | Threat.4150696 | 45588 |
| Zillya! Antivirus | Adware.BrowseFox.Win32.213715 | 2.0.0.2548 |

File size:
3.3 MB (3,467,920 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\simplefiles\uninstall.exe

Digital Signature
Authority:
Ignore Idea Inc. LLC

Valid from:
1/30/2016 12:15:37 AM

Valid to:
1/29/2017 12:15:37 AM

Subject:
CN=Ignore Idea LLC, OU=Ignore Idea LLC, O=Ignore Idea Inc. LLC, S=Manchester, C=UK

Issuer:
CN=Ignore Idea LLC, C=UK, S=Manchester, L=Manchester, E=admin@ignoreidea.com, OU=Ignore Idea LLC, O=Ignore Idea Inc. LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
1/25/2016 3:32:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:klUDG5iJOv6LYnWAe7m+RSgxLMr8zTYZ9cUM:kmDJYkCiLscTiM

Entry address:
0x678013

Entry point:
E9, 12, C2, 0B, 00, A4, FA, 9F, 45, 4F, 4D, 6E, 74, CE, 0F, F2, DB, DF, 9F, E3, FB, 06, CB, 07, 26, 94, 1E, E3, 1E, E3, F6, 0B, E6, 9C, 32, EE, 5F, B3, D1, 9D, F7, FE, 03, C2, 3F, BA, 47, 92, 55, 33, CB, A6, D2, 31, CA, 7C, 62, 43, 91, C0, 89, 9A, 11, 80, 95, DB, 11, 79, B3, 96, DD, 45, 92, 60, 81, 1F, 00, 47, 0D, C0, 1D, EB, EE, 10, 94, 58, 0F, 1B, AC, C2, 23, AA, 00, E5, 84, B9, 48, A5, 42, 0E, 5F, 9B, E1, 63, 84, D8, 0F, 49, 33, 1D, CA, A2, 45, 07, 66, B4, B9, 7D, 6A, E6, 22, E0, 94, 32, 03, 17, 55, A7...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.5 MB (1,587,200 bytes)

Program Uninstaller
Program name:
SimpleFiles

Display publisher:
https://www.www.simples-files.com

Display version:
15.16.04

Uninstall string:
"C:\Program Files\SimpleFiles\Uninstall.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
