» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Nickel Cycle Combo

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by Nickel Cycle Combo has been detected as adware by 13 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program TheTorntv V10 by esc. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

uninstall.exe

Publisher:

Nickel Cycle Combo (signed and verified)

MD5:

6e86675729b880b5555d3b1f3212d307

SHA-1:

ad741fc6d78e4a047f198f356e096e67bfa99b38

SHA-256:

e8ca89670d471c9fff8be07f5a3dbfdd338409090df3db4087dffb4156e40bbb

Scanner detections:

13 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/26/2024 9:57:18 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-PUP/CrossRider

2014.11.27

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.179.162

AVG

Nickel

2015.0.3316

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141218

ESET NOD32

Win32/Toolbar.CrossRider.AW (variant)

8.10587

K7 AntiVirus

Unwanted-Program

13.186.14150

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.2778

Panda Antivirus

Trj/Genetic.gen

14.12.18.09

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

Adware.NickelCycleCombo.J

14.10.19.17

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.3

VIPRE Antivirus

Threat.4150696

35088

Zillya! Antivirus

Trojan.GoogUpdate.Win32.3838

2.0.0.1994

File size:

85.9 KB (87,968 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\thetorntv v10\uninstall.exe

Digital Signature

Signed by:

Nickel Cycle Combo

Authority:

COMODO CA Limited

Valid from:

8/28/2014 2:00:00 AM

Valid to:

8/29/2015 1:59:59 AM

Subject:

CN=Nickel Cycle Combo, O=Nickel Cycle Combo, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E88B19F4C25DE21197EE9D01573D202A

File PE Metadata

Compilation timestamp:

10/7/2014 9:34:57 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:WEFI6tkFrn+nTIHPt59st8QccFazessWjcdq/R9PW0:TFGp+TIHPVsvDazgq/R9Pv

Entry address:

0x4E1D

Entry point:

E8, 1E, 59, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 2E, 41, 00, E8, 2D, 0A, 00, 00, E8, 8C, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, B1, 58, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 92, 52, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

52 KB (53,248 bytes)

Program Uninstaller

Program name:

TheTorntv V10

Display publisher:

esc

Display version:

1.35.9.29

Uninstall string:

C:\Program Files (x86)\TheTorntv V10\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.