uninstall.exe

Morgan Enter Mode

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by Morgan Enter Mode has been detected as adware by 12 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program GoHD by InstallMoon. It is built using the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Morgan Enter Mode  (signed and verified)

MD5:
599fff99998c99b513767616933f356c

SHA-1:
b7c5860f5cc6d46f36df5ecced01a0bd91f22fa3

SHA-256:
bf2a6b71665d7e6658074339350a574bc273b2def8a25d609cdaf1adc8d3d91f

Scanner detections:
12 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 2:20:00 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.179.162
AVG | Morgan | 2015.0.3316
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141019
ESET NOD32 | Win32/Toolbar.CrossRider.AW (variant) | 8.10587
Fortinet FortiGate | Adware/Adwapper | 11/10/2014
G Data | Win32.Adware.Crossrider | 14.10.24
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.494
McAfee | Artemis!50DE278D6B4C | 5600.6950
NANO AntiVirus | Riskware.Win32.Crossrider.dgyyfk | 0.28.2.62841
Qihoo 360 Security | Win32/Virus.Adware.a87 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.10.14
Sophos | Generic PUA BM | 4.98

File size:
100.9 KB (103,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gohd\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/28/2014 2:00:00 AM

Valid to:
8/29/2015 1:59:59 AM

Subject:
CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E247EA066029B70533C15792B60ED4D8

File PE Metadata
Compilation timestamp:
10/18/2014 9:46:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:lkhVxLd2yEUUMiOvftTrG0JAiFclUwsWjcdfzh6TG2K:mbxLgUJnCNU/Lh6TGF

Entry address:
0x51D5

Entry point:
E8, 38, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 6E, 41, 00, E8, 25, 0A, 00, 00, E8, CB, 32, 00, 00, 0F, B7, F0, 6A, 02, E8, CB, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AC, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
66 KB (67,584 bytes)

Program Uninstaller
Program name:
GoHD

Display publisher:
InstallMoon

Display version:
1.35.9.29

Uninstall string:
C:\Programmi\GoHD\Uninstall.exe /fcp=1

