» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application uninstall.exe by Sailor Project has been detected as adware by 11 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Browsers App by app. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

uninstall.exe

Publisher:

Sailor Project (signed and verified)

MD5:

8f5eac16728c6b641509270850b365d8

SHA-1:

8320a58e055fe211da8bfb08f7b4196efdaff079

SHA-256:

2c6bf78da31bf940f0ca81d258c6bae2944334a7a08ef6774177c1973c4158a8

Scanner detections:

11 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/25/2024 4:29:20 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.ZPACK.Gen2

7.11.30.172

avast!

Win32:Crossrider-N [PUP]

140908-2

AVG

Generic

2015.0.3345

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.14920

Dr.Web

Trojan.Crossrider.27207

9.0.1.05190

G Data

Win32.Adware.Crossrider

14.9.24

K7 AntiVirus

Unwanted-Program

13.183.13432

Kaspersky

Trojan.NSIS.GoogUpdate

15.0.0.494

Panda Antivirus

Trj/Genetic.gen

14.09.20.10

Qihoo 360 Security

Win32/Trojan.3b1

1.0.0.1015

Reason Heuristics

PUP.SailorProject.J

14.9.20.21

File size:

104.4 KB (106,856 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\browsers app\uninstall.exe

Digital Signature

Signed by:

Sailor Project

Authority:

COMODO CA Limited

Valid from:

7/17/2014 7:00:00 PM

Valid to:

7/18/2015 6:59:59 PM

Subject:

CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

47C5F145C734CD3D086C0A102176F0A1

File PE Metadata

Compilation timestamp:

7/28/2014 8:26:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:4obDXeX1i0TPSqTenvADbFLcl6UcFC1sWjcd/GAHD/BqID:nDOD6q40XC6/GMD/Bqa

Entry address:

0x5AE2

Entry point:

E8, EB, 63, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, 7F, 41, 00, E8, 28, 0A, 00, 00, E8, 87, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, 7E, 63, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5F, 5D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3839

Code size:

69 KB (70,656 bytes)

Program Uninstaller

Program name:

Browsers App

Display publisher:

app

Display version:

1.34.7.1

Uninstall string:

C:\Program Files (x86)\Browsers App\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.