home

uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program FLV Player. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bestflvplayer.net.
MD5:
f2812c9ebb768637a2a55602f3b395ae

SHA-1:
9d2d10d0a16cb52101a1a577248abfef10e886b1

SHA-256:
4985cabe041de3e67b9f9838ff24db9413984c1569d6dccded15d27ffd0513e4

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 10:34:35 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.InstallCore.AJ
893

AhnLab V3 Security
Win-Trojan/Agent3.K.1122280
2014.08.21

Avira AntiVirus
APPL/Downloader.Gen6
7.11.168.100

avast!
Win32:InstallCore-BE [PUP]
2014.9-140826

AVG
InstallCore
2015.0.3371

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.14826

Bitdefender
Application.InstallCore.AJ
1.0.20.1190

Bkav FE
W32.Clod001.Trojan
1.3.0.4959

Clam AntiVirus
Win.Adware.Installcore-141
0.98/21411

Comodo Security
UnclassifiedMalware
19257

Dr.Web
Adware.InstallCore.45
9.0.1.0238

ESET NOD32
Win32/InstallCore.AB (variant)
8.10285

Fortinet FortiGate
Riskware/InstallCore
8/26/2014

F-Prot
W32/InstallCore.V2.gen
v6.4.7.1.166

F-Secure
Application.InstallCore.AJ
11.2014-26-08_3

G Data
Application.InstallCore.AJ
14.8.24

McAfee
Artemis!F2812C9EBB76
5600.7027

MicroWorld eScan
Application.InstallCore.AJ
15.0.0.714

NANO AntiVirus
Trojan.Win32.WebToolbar.bbmdxm
0.28.2.61721

Panda Antivirus
PUP/MultiToolbar.A
14.08.26.09

Qihoo 360 Security
Win32/Application.c8a
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.12.12.0

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14824

Sophos
Install Core Click run software
4.98

Trend Micro House Call
TROJ_SPNR.0BIF12
7.2.238

Trend Micro
TROJ_SPNR.0BIB12
10.465.26

Vba32 AntiVirus
Adware.InstallCore.gen
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
32378

File size:
1.1 MB (1,122,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\flvplayer\uninstall\uninstall.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mI0lusKkyGo7m6c7Ge7ZPxO0bHABH4az9LRsxdattQechIIwJpEI1:wX87an7ZPxO0bHABYaz9LRsitQeC7wb

Entry address:
0xC1FA0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 84, EC, 41, 00, E8, 0E, F9, FF, FF, E8, A8, FF, FF, FF, 8B, C8, 85, C9, 75, 05, 33, C0, 5E, 5B, C3, A1, DC, 25, 46, 00, 89, 01, 89, 0D, DC, 25, 46, 00, 33, D2, 8B, C2, 03, C0, 8D, 44, C1, 04, 8B, 1E, 89, 18, 89, 06, 42, 83, FA, 64, 75, EC, 8B, 06, 8B, 10, 89, 16, 5E, 5B, C3, 90, 89, 00, 89, 40, 04, C3, 8B, C0, 53, 56, 8B, F2, 8B, D8, E8, 9D, FF, FF, FF, 85, C0, 75, 05, 33, C0, 5E, 5B, C3, 8B, 16, 89, 50, 08, 8B, 56, 04, 89, 50, 0C, 8B, 13, 89, 10, 89, 58, 04, 89, 42, 04, 89, 03...
 
[+]

Entropy:
7.0459

Developed / compiled with:
Microsoft Visual C++

Code size:
788 KB (806,912 bytes)

Program Uninstaller
Program name:
FLV Player

Uninstall string:
C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe /Uninstall


The file uninstall.exe has been seen being distributed by the following URL.

http://www.bestflvplayer.net/.../FLVPlayerSetup_MMM.exe

Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.