uninstall.exe

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by ColoColo Apps (Bright Circle Investments) has been detected as adware by 18 anti-malware scanners. It is the uninstaller utility registered in the Windows Control Panel for the program SuperPlusRadio v2.1 by RadioCanyonv2. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:

MD5:
68eb4192f0ad9be9305de3462e18b41d

SHA-1:
a7a6b203a160835bb3b430cb8318661c2301ffb8

SHA-256:
909ba627fb84b2ba7007eaeed15b1e383f9ee8681222600efc49950c0063b230

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 4:31:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.hqX@ly@0W0fi | 6486625 |
| Avira AntiVirus | TR/Crypt.ULPM.Gen | 7.11.30.172 |
| avast! | Win32:Malware-gen | 150101-1 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15130 |
| Bitdefender | Gen:Application.Heur.hqX@ly@0W0fi | 1.0.20.150 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 20902 |
| Dr.Web | Trojan.Crossrider1.14251 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Heur.hqX@ly@0W0fi | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.hqX@ly@0W0fi | 5.13.68 |
| G Data | Gen:Application.Heur.hqX@ly@0W0fi | 15.1.25 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| MicroWorld eScan | Gen:Application.Heur.hqX@ly@0W0fi | 16.0.0.90 |
| Norman | Gen:Application.Heur.hqX@ly@0W0fi | 02.01.2015 13:58:24 |
| Qihoo 360 Security | Win32/Virus.Adware.4b0 | 1.0.0.1015 |
| Reason Heuristics | PUP.Brightcircle | 15.2.10.11 |
| Sophos | Generic PUA KH | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 36666 |

File size:
125 KB (127,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\superplusradio v2.1\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 2:00:00 AM

Valid to:
12/17/2015 1:59:59 AM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/27/2015 1:04:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:06XTepDUNdNB4EgmvMfDDDFs1HsOGTZiS97WT6GuGm3Hc1Gh/KsWjcdwJsSVk:L+UNbNYmsOGTdCgGGhdwJsSS

Entry address:
0x9C96

Entry point:
E8, 06, 68, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 68, D4, 41, 00, E8, 24, 0A, 00, 00, E8, 9D, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 99, 67, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 7A, 61, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4365

Code size:
89 KB (91,136 bytes)

Program Uninstaller
Program name:
SuperPlusRadio v2.1

Display publisher:
RadioCanyonv2

Display version:
1.36.01.22

Uninstall string:
C:\Program Files\SuperPlusRadio v2.1\Uninstall.exe /fcp=1

