» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

YourFileDownloader Installer

Via Advertising Group Limited

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application uninstall.exe by Via Advertising Group Limited has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. This is the uninstaller utility registered in the Windows Control Panel for the program YourFileDownloader by http://yourfiledownloader.org.

File name:

uninstall.exe

Publisher:

http://yourfiledownloader.net (signed by Via Advertising Group Limited)

Product:

YourFileDownloader Installer

Version:

1, 0, 172, 1

MD5:

366b3a3d6936eb8acfe4a3e5bc446c97

SHA-1:

bf8cb3faedef1ed6e44a811079fc967c90173492

SHA-256:

a98dbfd00bf16c9ac7ed8fdccacb842972ce08e9d7174b0a058e4a310dff59f3

Scanner detections:

30 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/24/2024 2:41:08 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.567021

355

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

Win-PUP/YourFileDownloader

2015.02.14

Avira AntiVirus

TR/EDownload.J.2

7.11.169.82

avast!

Win32:Downloader-UEO [PUP]

2014.9-160215

AVG

Adware BundleApp_r

2017.0.2833

Baidu Antivirus

PUA.Win32.ExpressDownloader

4.0.3.16215

Bitdefender

Gen:Variant.Application.Strictor.70984

1.0.20.230

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.ExpressDownloader.DA

21731

Dr.Web

Adware.Downware.8624

9.0.1.046

Emsisoft Anti-Malware

Gen:Variant.Kazy.567021

8.16.02.15.11

ESET NOD32

Win32/ExpressDownloader.J potentially unwanted application

10.7.0.302.0

F-Prot

W32/A-42de288b

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.567021

11.2016-15-02_2

G Data

Gen:Variant.Application.Strictor.70984

16.2.25

IKARUS anti.virus

PUA.Expressdownloader

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.183.13550

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.658

Malwarebytes

PUP.Optional.YourFileDown

v2016.02.15.11

MicroWorld eScan

Gen:Variant.Application.Strictor.70984

17.0.0.138

NANO AntiVirus

Riskware.Win32.Downware.deefau

0.28.2.61861

Norman

Gen:Variant.Kazy.567021

11.20160215

Panda Antivirus

Generic Suspicious

16.02.15.11

Reason Heuristics

PUP.Via Advertising.ViaAdvertisingGroup.Bundler (M)

16.2.15.11

Rising Antivirus

PE:Malware.Kazy!6.1E64

23.00.65.16213

Sophos

PUA 'Go For Files'

5.14

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4758264

32938

Zillya! Antivirus

Downloader.Agent.Win32.221440

2.0.0.1939

File size:

2.5 MB (2,594,400 bytes)

Product version:

1.0.0.1

Original file name:

YourFileDownloaderInstaller.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

YourFile Downloader

Language:

English

Common path:

C:\Program Files\yourfiledownloader\uninstall.exe

Digital Signature

Signed by:

Via Advertising Group Limited

Authority:

COMODO CA Limited

Valid from:

4/11/2013 5:00:00 PM

Valid to:

4/11/2016 4:59:59 PM

Subject:

CN=Via Advertising Group Limited, O=Via Advertising Group Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BABC309174F531C6762BBA466401FEAF

File PE Metadata

Compilation timestamp:

8/13/2014 11:34:00 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:teenXuLsW8cceO2BpQNVthm1cy8966M3pqLZtPD/NHOmOgSPDcMqRnfcwA1fgjmQ:teTLF8cceaNBm1n8AxpqNtPD1HO9X7c3

Entry address:

0x2F5200

Entry point:

60, BE, 00, 90, 4A, 00, 8D, BE, 00, 80, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.7353

Packer / compiler:

UPX 2.90LZMA

Code size:

2.3 MB (2,412,544 bytes)

Program Uninstaller

Program name:

YourFileDownloader

Display publisher:

http://yourfiledownloader.org

Display version:

2.14.35

Uninstall string:

"C:\Program Files (x86)\YourFileDownloader\Uninstall.exe"

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.