» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Com NotificationV30.06 by Com NotificationV30.06. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

MD5:

e3945898dd832a1aa6cc1a4f4aa67865

SHA-1:

96674dc6706b52fca60d314e898056c4f09a465e

SHA-256:

bf4c5e0cdbd94dac29bbc08e0515e90f2f658e17a4d601c13caf1e1d98fe9be4

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 1:31:43 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.gqW@lqfhqCfi

5707090

AhnLab V3 Security

PUP/Win32.CrossRider

2015.07.02

Avira AntiVirus

ADWARE/CrossRider.A.442

8.3.1.6

Arcabit

Application.Heur.ECD26DF

1.0.0.425

Baidu Antivirus

Adware.Win32.Agent

4.0.3.1571

Bitdefender

Gen:Application.Heur.gqW@lqfhqCfi

1.0.20.910

Comodo Security

Application.Win32.InstallCore.GIFI

22638

Emsisoft Anti-Malware

Gen:Application.Heur.gqW@lqfhqCfi

10.0.0.5366

F-Secure

Riskware.Gen:Application.Heur.gqW@lqfhqCfi

5.14.151

G Data

Gen:Application.Heur.gqW@lqfhqCfi

15.7.25

Kaspersky

not-a-virus:AdWare.Win32.Agent

15.0.0.543

MicroWorld eScan

Gen:Application.Heur.gqW@lqfhqCfi

16.0.0.546

Norman

Gen:Application.Heur.gqW@lqfhqCfi

02.06.2015 14:23:46

Panda Antivirus

Generic Suspicious

15.07.01.11

Rising Antivirus

PE:Trojan.Win32.Generic.18D37778!416511864

23.00.65.15629

File size:

111 KB (113,664 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\com notificationv30.06\uninstall.exe

File PE Metadata

Compilation timestamp:

6/30/2015 4:04:32 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:Cz+6yxeli42DesuPf9hNKfKKlpml/ExUr935WYQGcFvjsWjcd6TzDwdV:Cpli42QjNKfKKlwBJuU6TzEdV

Entry address:

0x845F

Entry point:

E8, 7D, 67, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, A2, 41, 00, E8, 2B, 0A, 00, 00, E8, AA, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 10, 67, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F1, 60, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3324

Code size:

80 KB (81,920 bytes)

Program Uninstaller

Program name:

Com NotificationV30.06

Display publisher:

Com NotificationV30.06

Display version:

1.36.01.22

Uninstall string:

C:\Program Files (x86)\Com NotificationV30.06\Uninstall.exe /fcp=1 /runexe='C:\Program Files (x86)\Com NotificationV30.06\UninstallBrw.exe' /url='http://notif.globalmaxwin.com/notf_sys/index.html' /br

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.