uninstall.exe

Injekt LLC

This is the uninstall module for the Injekt-branded web browser extension, which injects advertising into the web browser and modifies browser settings. The uninstaller is registered within Control Panel > Add/Remove Programs. The application uninstall.exe by Injekt has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Search Deals by CloudCanvas, Inc. DBA Injekt. This file is typically installed with the program Search Deals by CloudCanvas, Inc., which is a potentially unwanted software program.
Publisher:
Injekt LLC  (signed and verified)

MD5:
9926cb4e91fa34fe8cf920c0e073b9d5

SHA-1:
c959733b7b46ddf849a9686d0cc8330a3e3c970e

SHA-256:
71b7542dac9d59382e84ff798345d6fa4292e21d49d66cc8288f28c9063a35e9

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 10:40:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.J

Engine version:
14.8.8.3

File size:
510.8 KB (523,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\searchdeals2\uninstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/23/2014 1:00:00 AM

Valid to:
6/23/2015 1:59:59 AM

Subject:
CN=Injekt LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Injekt LLC, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22388FB3C3238D36E8B8ABBBE3903F04

File PE Metadata
Compilation timestamp:
4/25/2014 7:36:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:IegKDNDCtxeVdbKegB54XgDJwgQaxa/nUjhLOVaNtj:BBDBC/ew54AJjQaxxoVKj

Entry address:
0x40E73

Entry point:
E8, 7E, D3, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, EC, 44, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 60, 20, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, EC, 44, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...
 

Code size:
379 KB (388,096 bytes)

Program Uninstaller
Program name:
Search Deals

Display publisher:
CloudCanvas, Inc. DBA Injekt

Display version:
2.6.80

Uninstall string:
C:\ProgramData\SearchDeals2\uninstall.exe /kb=n /ic=1


The file uninstall.exe has been discovered within the following program.

Search Deals  by CloudCanvas, Inc.
This is an adware web browser extension from Creative Island Media that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
www.searchdealsapp.com
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-10-180-179.us-west-2.compute.amazonaws.com  (52.10.180.179:80)
