uninstall.exe

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by ColoColo Apps (Bright Circle Investments) has been detected as adware by 14 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program EdiaplayerMv2.3 by VenturesMPlayer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:

MD5:
005d17b4e4fa650e5b9c00c212aa4853

SHA-1:
8216e1f1862cfd19d6db10c3f8ff5c54631efce5

SHA-256:
19458af5a9bcbdbaf796fc9f40a4de30f2bec7d4d879360400d55e726691eadc

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/10/2024 11:32:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.hqX@liT@02li | 734 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1521 |
| Bitdefender | Gen:Application.Heur.hqX@liT@02li | 1.0.20.160 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 20918 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted (variant) | 9.11104 |
| F-Secure | Gen:Application.Heur.hqX@liT@02li | 11.2015-01-02_1 |
| G Data | Gen:Application.Heur.hqX@liT@02li | 15.2.25 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2554 |
| MicroWorld eScan | Gen:Application.Heur.hqX@liT@02li | 16.0.0.96 |
| Panda Antivirus | Generic Suspicious | 15.02.01.04 |
| Qihoo 360 Security | Win32/Application.f24 | 1.0.0.1015 |
| Reason Heuristics | PUP.Brightcircle | 15.2.10.11 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15130 |
| VIPRE Antivirus | Crossrider | 37148 |

File size:
117 KB (119,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ediaplayermv2.3\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/31/2015 12:04:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:b+9qsTco749hipEVIEURI4TKMqkO4DtJr2fXPIckitUsWjcd8pySxLmY:ancniEOfPJJHiJ80SxLB

Entry address:
0x898D

Entry point:
E8, BF, 65, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, B1, 41, 00, E8, 2D, 0A, 00, 00, E8, 5F, 2E, 00, 00, 0F, B7, F0, 6A, 02, E8, 52, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 33, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
81.5 KB (83,456 bytes)

Program Uninstaller
Program name:
EdiaplayerMv2.3

Display publisher:
VenturesMPlayer

Display version:
1.36.01.22

Uninstall string:
C:\Program Files (x86)\EdiaplayerMv2.3\Uninstall.exe /fcp=1
