» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

ContentExplorer Uninstaller

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application uninstall.exe, “ContentExplorer Uninstall” by Lake Ventures has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This is the uninstaller utility registered in the Windows Control Panel for the program ContentExplorer by ContentExplorer.net. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.

File name:

uninstall.exe

Publisher:

ContentExplorer.net (signed by Lake Ventures LLC)

Product:

ContentExplorer Uninstaller

Description:

ContentExplorer Uninstall

Version:

1.0.0.0

MD5:

73deadc62533a5f3b5b568cd12f68fdc

SHA-1:

8777a438a84a77930fce9b457141d423f72f35d2

SHA-256:

95d7747e1f1da1b17db52799e8decf9d99617fcdddfcdda0534c287c878ee8d7

Scanner detections:

18 / 68

Status:

Adware

Explanation:

Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/24/2024 11:41:00 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.InstallBrain

2.1.4+

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

avast!

Win32:IBryte-MC [PUP]

2014.9-160213

Baidu Antivirus

Adware.Win32.iBryte

4.0.3.16213

Bkav FE

W32.HfsAdware

1.3.0.7062

Comodo Security

ApplicUnwnt

23010

Dr.Web

Trojan.iBryte.501

9.0.1.044

ESET NOD32

MSIL/Adware.iBryte.T application

10.7.0.302.0

F-Secure

Suspicious:W32/Malware.42127319c2!Online

11.2016-13-02_7

G Data

Win32.Application.Agent.60OZMS

16.2.25

IKARUS anti.virus

PUA.Downloader

t3scan.1.7.8.0

NANO AntiVirus

Riskware.Win32.BPlug.djpkri

0.30.0.65070

Panda Antivirus

Generic Suspicious

16.02.13.10

Quick Heal

PUA.Lakeventur.Gen

2.16.14.00

Reason Heuristics

PUP.Adknowledge.LakeVentures.Bundler (M)

16.2.13.22

Sophos

Generic PUA EC

4.98

Trend Micro House Call

Suspicious_GEN.F47V0129

7.2.44

VIPRE Antivirus

Threat.5064620

42326

File size:

127.7 KB (130,800 bytes)

Product version:

1.0.0.0

Original file name:

uninstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\contentexplorer\uninstall.exe

Digital Signature

Signed by:

Lake Ventures LLC

Authority:

GoDaddy.com, Inc.

Valid from:

12/18/2013 1:22:44 AM

Valid to:

12/18/2014 1:22:44 AM

Subject:

CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B14BBCA37F140

File PE Metadata

Compilation timestamp:

12/6/2014 6:45:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:yrKlYnBKFvSXeyMaf8buKXoi6tiPi7ertkdSFyS:sKqnBKFvSXeyMakb/oP6reCyS

Entry address:

0x1E50E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5572

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

113.5 KB (116,224 bytes)

Program Uninstaller

Program name:

ContentExplorer

Display publisher:

ContentExplorer.net

Display version:

8.4

Uninstall string:

C:\users\{user}\appdata\roaming\contentexplorer\uninstall.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.