uninstall.exe

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application uninstall.exe by Blondie Project (Bright Circle Investments) has been detected as adware by 31 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program winservice86 by Corporate Inc. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:

MD5:
354af86f7a4bd47e675d6f49932a5126

SHA-1:
c03e4187d334ff8bd8d6723f7714d2e9e7ea7505

SHA-256:
868c5b88ae98fafb217ea2dbda14126a4995edb895b58ba9e5bdb34c41b2ba07

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars. Distributed through the Brightcircle investments brand.

Analysis date:
4/23/2024 7:05:26 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.hqX@l4VFc3oi | 5800457
Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.06.06
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6
Arcabit | Application.Heur.ED14F56 | 1.0.0.425
avast! | Win32:PUP-gen [PUP] | 150810-3
AVG | Generic | 2016.0.3001
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15830
Bitdefender | Gen:Application.Heur.hqX@l4VFc3oi | 1.0.20.1210
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.InstallCore.GIFI | 22350
Dr.Web | Trojan.Crossrider1.23869 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Application.Heur.hqX@l4VFc3oi | 10.0.0.5366
ESET NOD32 | Win32/Toolbar.CrossRider.CU potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/CrossRider | 8/30/2015
F-Secure | Riskware.Gen:Application.Heur.hqX@l4VFc3oi | 5.14.151
G Data | Gen:Application.Heur.hqX@l4VFc3oi | 15.8.25
K7 AntiVirus | Unwanted-Program | 13.204.16151
Malwarebytes | | v2015.08.30.09
McAfee | Trojan.Artemis!354AF86F7A4B | 17.6.569.0
MicroWorld eScan | Gen:Application.Heur.hqX@l4VFc3oi | 16.0.0.726
Norman | Gen:Application.Heur.hqX@l4VFc3oi | 04.08.2015 10:30:46
Panda Antivirus | Generic Suspicious | 15.08.30.09
Qihoo 360 Security | Win32/Application.f21 | 1.0.0.1015
Quick Heal | PUA.BrightCircle.OD6 | 8.15.14.00
Reason Heuristics | PUP.Brightcircle | 15.3.1.12
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15828
Sophos | PUA 'AppRider' (of type Adware) | 5.15
Trend Micro House Call | TROJ_GEN.F0C2C00CF15 | 7.2.242
Trend Micro | TROJ_GEN.F0C2C00CF15 | 10.465.30
VIPRE Antivirus | Threat.4789396 | 42326

File size:
121.5 KB (124,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winservice86\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 12:00:00 AM

Valid to:
12/16/2015 11:59:59 PM

Subject:
CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata
Compilation timestamp:
2/27/2015 11:04:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:7UPb8aJzT3yG36pfwAP2DBHjJr4jDv/OU+ifclnSsWjcdxUeybKy16u:IIazAP2hjdunudxU/bJr

Entry address:
0x9336

Entry point:
E8, 06, 68, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, C3, 41, 00, E8, 24, 0A, 00, 00, E8, 2B, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 99, 67, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 7A, 61, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
85.5 KB (87,552 bytes)

Program Uninstaller
Program name:
winservice86

Display publisher:
Corporate Inc

Display version:
1.36.01.22

Uninstall string:
C:\Program Files\winservice86\Uninstall.exe /fcp=1 /runexe='C:\Program Files\winservice86\UninstallBrw.exe' /url='http://static.gonotiftime.com/notf_sys/index.html' /brwtype='uni' /onerrorexe='C:\Prog

