home

uninstall.exe

Volonet Ltd

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe by Volonet has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the installCore installer. Additionally, the file is typically installed by a number of programs including Funmoods Web Search by Mindspark Interactive Network and Gossiper Toolbar by Conduit Ltd., both potentially unwanted software.
Publisher:
Funmoods  (signed by Volonet Ltd)

Product:
Funmoods

Version:
1.5.23.22

MD5:
aaea183a95a587a275fe0d0244b5fbc1

SHA-1:
d1b58aeb35137e47c7aee58efd43b32cb459663d

SHA-256:
7c91f897991702b4f0f22bff54432e92724e5ec3223431474ce93970f195a339

Scanner detections:
4 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 1:56:08 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Funmoods.1
9.0.1.042

Malwarebytes
PUP.FunMoods
v2014.02.11.05

Reason Heuristics
PUP.Volonet.J
14.8.7.21

Sophos
Funmoods Toolbar
4.97

File size:
242.1 KB (247,920 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\Program Files\funmoods\1.5.23.22\uninstall.exe

Digital Signature
Signed by:
Volonet Ltd

Authority:
COMODO CA Limited

Valid from:
1/10/2012 4:00:00 PM

Valid to:
11/25/2013 3:59:59 PM

Subject:
CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9EB879A7F4ADB713BB56F5D9EA449DA

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:UgXdZt9P6D3XJ6xph+cIgsCh5KIOTl9wIir8bJAMuxFTJlMlE/JMzyp19bx1Yfax:Ue34g2cnhy3E8yplbMu/J9pjbxabVOzB

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.5012

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file uninstall.exe has been discovered within the following programs.

Funmoods Web Search  by Mindspark Interactive Network
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
start.funmoods.com
72% remove it
Gossiper Toolbar  by Conduit Ltd.
Gossiper Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.
Gossiper.OurToolbar.com
65% remove it
 
Powered by Should I Remove It?

Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.