uninstall.exe

Softacular

The application uninstall.exe by Softacular has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a self-extracting archive and installer, and it has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program “RocketTab:” by “RocketTab:”. The file is also typically installed by a number of programs, including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both potentially unwanted software.
Publisher:
Softacular  (signed and verified)

Version:
1.0.5411.14577

MD5:
b2188da375a7d95b57d756c2e9ee20f4

SHA-1:
8a37e0024a04a5b0e91065159b3ac52d2c5cf1fa

SHA-256:
3a39711746c1f11aa6c36d89e67d4633c994eae0e73b8c052e1ee37bb99956eb

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
5/19/2024 10:35:00 AM UTC

Scan engine | Detection | Engine version
AVG | Softacular | 2015.0.3310
Reason Heuristics | PUP.Installer.Softacular | 15.6.13.10
VIPRE Antivirus | AdKnowledge | 34232

File size:
3.8 MB (3,942,112 bytes)

Product version:
1.0.5411.14577

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\uninstall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2014 8:00:00 PM

Valid to:
3/24/2015 7:59:59 PM

Subject:
CN=Softacular, O=Softacular, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
753A79B32D5A96BF1872FDE1AC60DEEA

File PE Metadata
Compilation timestamp:
10/25/2014 5:06:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:/zITJPwLJVJeTo46v3aRmg49vW4034s26sElwrkqrZ7b3fkN9wNNxvw1CY2ktQsQ:/8NoLPJDym79L/kwo43fsaHi2pR1of6

Entry address:
0x3B8470

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6851

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.7 MB (3,892,736 bytes)

Program Uninstaller
Program name:
RocketTab:

Display publisher:
RocketTab:

Uninstall string:
"C:\Program Files (x86)\Search Extensions\uninstall.exe" /u=true /UserID=296ac426-a022-411e-9677-b136a03b63a9 /SourceID=browsersafeguard-rockettab-amonetize /ImplementationID=browsersafeguard-rocketta


The file uninstall.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are both injected in white space areas of the HTML page or over existing ads of the underlying web site.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic the service will be able to include various ads in the HTML of the displaying web page.
rockettab.com
88% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)
