uninstall.exe

Ninja Loader

CLICK YES BELOW LP

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application uninstall.exe, “Setup Application”, has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer; however, the file is not signed with an Authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program Ninja Loader by CLICK YES BELOW LP. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
CLICK YES BELOW LP

Product:
Ninja Loader

Description:
Setup Application

Version:
134.0.0.478

MD5:
82b28d748fb04674c061876e629a4c10

SHA-1:
cb94b44ac4bbb3e6d9e3897093f5a40f991d2ce5

SHA-256:
7b1a25bbecada67200e31d1b12c1ce214813cc0a91ffa9abb0839935394373c6

Scanner detections:
3 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 1:51:03 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Adware.Amonetize-511 | 0.98/20133
Panda Antivirus | Trj/Genetic.gen | 15.03.02.01
Reason Heuristics | PUP.Installer.Outbrowse | 15.3.2.0

File size:
105.1 KB (107,602 bytes)

Product version:
1.0.0.0

Copyright:
© CLICK YES BELOW LP

Trademarks:
Ninja Loader is a trademark of CLICK YES BELOW LP

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\Program Files\ninja loader\uninstall.exe

File PE Metadata
Compilation timestamp:
10/7/2014 12:40:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:VIWGC7W7BuDcYzIDWVOJY50FDWNMBZ3WWu2FiZRV6s:LGC7W7BUiWcY50FDWNMXFiv3

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 

Entropy:
7.0180

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

Program Uninstaller
Program name:
Ninja Loader

Display publisher:
CLICK YES BELOW LP

Display version:
134.0.0.478

Uninstall string:
C:\Program Files (x86)\Ninja Loader\uninstall.exe

