home

uninstall.exe

Startpage24 Startpage

Link64 GmbH

The application uninstall.exe, “Updater [Startpage24_*.exe]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program Startpage24 by Link64 which is a potentially unwanted software program.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Startpage24 Startpage

Description:
Updater [Startpage24_*.exe]

Version:
2.0.0.889

MD5:
ea263b0f2ff96cd5f5738e802a7ff4b3

SHA-1:
aea80e7591c45779e479dfbdce447c1ef4a273d8

SHA-256:
41faa3a48995059fe7e7b725dcd435c8f0e445d2ec62089456a6a9d8d121ee6d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/23/2024 6:32:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.13.0

File size:
685.6 KB (702,048 bytes)

Product version:
2.0.0.889

Copyright:
(c) 2008-12 Link64 GmbH. All rights reserved.

Original file name:
Startpage24_Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\startpage24\plugin_old4\uninstall.exe

Digital Signature
Signed by:
Link64 GmbH

Authority:
Thawte, Inc.

Valid from:
2/20/2013 1:00:00 AM

Valid to:
3/23/2015 12:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70B8C92A22236AF8064642CFE2790458

File PE Metadata
Compilation timestamp:
10/30/2013 3:10:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:/MB5eIb3q3q3M2+1nc/uhWT7rCBJ/n95Ldq0KR1e:0Bl3Mq82+Bc/VT7rC/PLdq0KRw

Entry address:
0x765D

Entry point:
E8, 22, 71, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, 30, 9F, 44, 00, E8, A1, 12, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, C4, 42, 45, 00, 03, 75, 43, 6A, 04, E8, 04, 73, 00, 00, 59, 83, 65, FC, 00, 56, E8, 72, 73, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 8E, 73, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F2, 71, 00, 00, 59, C3, 56, 6A, 00, FF, 35, F4, 20, 45, 00, FF, 15, 68, 92, 43, 00, 85, C0, 75, 16, E8, 54, 07, 00...
 
[+]

Code size:
224 KB (229,376 bytes)

The file uninstall.exe has been discovered within the following program.

Startpage24  by Link64
This adware program that plugs into the user's web browser will hijack the home and search pages.
www.startpage24.com/webpage/en
68% remove it
 
Powered by Should I Remove It?

Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.