» uninstall.exe
Overview
Analysis
File Details
Programs (1)

uninstall.exe

IE Toolbar

Zorba Networks, S.L.

The application uninstall.exe, “IE Toolbar Uninstall” by Zorba Networks, S.L has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program RechercherWeb Toolbar by Conduit Ltd. which is a potentially unwanted software program.

File name:

uninstall.exe

Publisher:

Zorba Networks, S.L. (signed and verified)

Product:

IE Toolbar

Description:

IE Toolbar Uninstall

Version:

4.2.0.99

MD5:

e450a29e279a2e2723da0aa386fbde8a

SHA-1:

965b77f534899951962e7b033c9eb14cd507187b

SHA-256:

f7c9fcdc16c44fd731255a8b6e54617078c89cd7a5e594c683ac5ad6a32c1bd3

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/16/2024 11:23:01 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ZorbaNetworks.Installer (M)

16.1.13.20

File size:

48.1 KB (49,240 bytes)

Product version:

4.2.0.99

Original file name:

uninstall.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\rechercherweb toolbar\uninstall.exe

Digital Signature

Signed by:

Zorba Networks, S.L.

Authority:

COMODO CA Limited

Valid from:

12/13/2011 1:00:00 AM

Valid to:

12/13/2012 12:59:59 AM

Subject:

CN="Zorba Networks, S.L.", O="Zorba Networks, S.L.", STREET=Jativa 11, L=Madrid, S=Madrid, PostalCode=28007, C=ES

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00ABFA0DB2C5AC69A6D571352C9A1378ED

File PE Metadata

Compilation timestamp:

11/17/2011 12:21:27 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:LPEMw9L1AD9z/G4/t+1UDzaXEjolz6F6U9SqJ2SgCb0RLZ84:jEHLaDhGT1UDza0j5RJ2SN0RS4

Entry address:

0x1281

Entry point:

E8, B6, 15, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 58, AD, 40, 00, 89, 0D, 54, AD, 40, 00, 89, 15, 50, AD, 40, 00, 89, 1D, 4C, AD, 40, 00, 89, 35, 48, AD, 40, 00, 89, 3D, 44, AD, 40, 00, 66, 8C, 15, 70, AD, 40, 00, 66, 8C, 0D, 64, AD, 40, 00, 66, 8C, 1D, 40, AD, 40, 00, 66, 8C, 05, 3C, AD, 40, 00, 66, 8C, 25, 38, AD, 40, 00, 66, 8C, 2D, 34, AD, 40, 00, 9C, 8F, 05, 68, AD, 40, 00, 8B, 45, 00, A3, 5C, AD, 40, 00, 8B, 45, 04, A3, 60, AD, 40, 00, 8D, 45, 08, A3, 6C, AD, 40... 
[+]

Code size:

24.5 KB (25,088 bytes)

The file uninstall.exe has been discovered within the following program.

RechercherWeb Toolbar by Conduit Ltd.

This is a Conduit toolbar installed in the user's Web browsers (IE, Chrome and Firefox) that collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide ads via the toolbar.

64% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.