uninstall.exe

Berserk Group

Part of the Crossrider framework, this is a web browser extension that will deliver advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application uninstall.exe by Berserk Group has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program CineDPV2 by CineDP. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Berserk Group  (signed and verified)

MD5:
1536ae2acc505f5f0176e50eaf34206e

SHA-1:
7ac3b56e2f21a0417d6a0190cd10d971f04d44bc

SHA-256:
500c892ffa9a534a43b3e8e2c7ed439dd0921ae7dd7e2091dc94ab26e5a9dad7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
6/5/2020 2:33:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossrider (M)

Engine version:
17.3.16.9

File size:
100.9 KB (103,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cinedpv2\uninstall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/14/2014 2:00:00 AM

Valid to:
8/15/2015 1:59:59 AM

Subject:
CN=Berserk Group, O=Berserk Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
58761EBCDB730A1C637A95BCB768285A

File PE Metadata
Compilation timestamp:
8/30/2014 12:04:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x50F5

Entry point:
E8, 38, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 6E, 41, 00, E8, 25, 0A, 00, 00, E8, 43, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, CB, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AC, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Code size:
66 KB (67,584 bytes)

Program Uninstaller
Program name:
CineDPV2

Display publisher:
CineDP

Display version:
1.34.8.12

Uninstall string:
C:\Program Files (x86)\CineDPV2\Uninstall.exe /fcp=1

