» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by Naruto Source has been detected as adware by 12 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program SavePass 1.1 by OB. This file is typically installed with the program SavePass 1.1 by Morgan Enter Mode which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

uninstall.exe

Publisher:

Naruto Source (signed and verified)

MD5:

e15a4efd4b9770b3d8d1e1179f5721bf

SHA-1:

bce329630d3789920927d108fdc12bdc11950bc4

SHA-256:

7ee00e3aa664c49e04f999d08043c7ca83a04fd0cd13080fafb741ce407f1475

Scanner detections:

12 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

5/10/2024 5:08:50 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.ZPACK.Gen2

7.11.30.172

AVG

Generic

2015.0.3312

Dr.Web

Trojan.Crossrider.29967

9.0.1.0296

G Data

Win32.Adware.Crossrider

14.10.24

K7 AntiVirus

Unwanted-Program

13.183.13451

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3055

NANO AntiVirus

Trojan.Win32.GoogUpdate.dedbnd

0.28.2.62286

Panda Antivirus

Trj/Genetic.gen

14.10.23.10

Qihoo 360 Security

Win32/Virus.Adware.970

1.0.0.1015

SUPERAntiSpyware

Trojan.Agent/Gen-Trafog

10281

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

Zillya! Antivirus

Trojan.GoogUpdate.Win32.114

2.0.0.1929

File size:

99.9 KB (102,248 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\savepass 1.1\uninstall.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/28/2014 2:00:00 AM

Valid to:

7/29/2015 1:59:59 AM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

8/7/2014 12:03:50 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:CEQRyHvDkLk9ZCOSt/qcMT3mbS7KUWxcV/T7sWjcdCCuu+nZ:PFx9ZvQqcUeYrECCuu+Z

Entry address:

0x4E24

Entry point:

E8, E9, 63, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 6E, 41, 00, E8, 26, 0A, 00, 00, E8, 85, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, 7C, 63, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5D, 5D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

65 KB (66,560 bytes)

Program Uninstaller

Program name:

SavePass 1.1

Display publisher:

Display version:

1.34.7.29

Uninstall string:

C:\Program Files (x86)\SavePass 1.1\Uninstall.exe /fcp=1

The file uninstall.exe has been discovered within the following program.

SavePass 1.1 by Morgan Enter Mode

SavePass distributed by Brightcircle is a web browser extension that injects display advertising in the user's browser.

83% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.