uninstall.exe

Installer

Via Advertising Group Ltd.

The application uninstall.exe by Via Advertising Group has been detected as a potentially unwanted program by 23 of the 68 anti-malware scanners consulted. It is a setup and installation application that has been known to bundle potentially unwanted software, and it is also the uninstaller utility registered in the Windows Control Panel for the program SimpleFiles by https://www.www.simples-files.com. The SimpleFiles program plugs into the web browser and displays context-based advertisements, either by overwriting existing ads or by inserting new ones into web pages. Note that the file's version resource names New Monte Inc as the publisher while the Authenticode signature belongs to Via Advertising Group Ltd.; the two names are not interchangeable when building allow or block lists, and both should be checked against the file in hand.
Publisher:
New Monte Inc (signed by Via Advertising Group Ltd.)

Product:
Installer

Version:
1, 0, 1051, 1

MD5:
57ba5febe11b3f72ea63d47baf2116f4

SHA-1:
d92eee0c88aca8fb55cdcb13ed1a260b331c7135

SHA-256:
425a8daf386cc6bb81e558b937e45b5ef9bdd47a3827646af9b9594a6ac05aee

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.
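Before acting on this report, confirm that the sample in hand is the file it describes. The following Python is an added example, not code from this page or from Reason Core Security: it recomputes the three digests listed above and compares them with the page's values, and it computes the Shannon entropy that the PE metadata section further down reports as 7.9092 ("probably packed"). The 7.2 packed threshold and the constructed 64 KiB stand-in buffer are assumptions for illustration; pass a real path on the command line to run it against a file.

```python
import hashlib
import math
import sys
from collections import Counter

# Digests this page lists for uninstall.exe (Via Advertising Group Ltd.).
PAGE_DIGESTS = {
    "md5": "57ba5febe11b3f72ea63d47baf2116f4",
    "sha1": "d92eee0c88aca8fb55cdcb13ed1a260b331c7135",
    "sha256": "425a8daf386cc6bb81e558b937e45b5ef9bdd47a3827646af9b9594a6ac05aee",
}

# Assumed threshold (not from the page): 8.0 bits/byte is the maximum, and a
# whole-file figure above about 7.2 usually means compressed or encrypted
# content, i.e. a packer stub wrapping the real payload.
PACKED_ENTROPY_THRESHOLD = 7.2


def digests(data: bytes) -> dict:
    """Lowercase hex MD5, SHA-1 and SHA-256 of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def matches_page(data: bytes, expected: dict = PAGE_DIGESTS) -> dict:
    """Per-algorithm comparison against the page's digests (case-insensitive).

    SHA-256 alone identifies the file; MD5 and SHA-1 are compared only because
    vendor reports still quote them and a partial match points at a typo.
    """
    actual = digests(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def triage(data: bytes) -> dict:
    """Identity and packing verdict for a sample already read into memory."""
    ent = shannon_entropy(data)
    return {
        "digests": digests(data),
        "matches_page": matches_page(data),
        "entropy": round(ent, 4),
        "probably_packed": ent > PACKED_ENTROPY_THRESHOLD,
    }


if __name__ == "__main__":
    # With no path given, run on a constructed stand-in: 64 KiB cycling through
    # all 256 byte values, which has the maximal entropy of 8.0 and so trips the
    # packed heuristic while matching none of the page's digests.
    sample = bytes(range(256)) * 256
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

A whole-file entropy near 8.0 on a 3.4 MB executable says the bulk of the file is compressed or encrypted data rather than code, which is why static string and import inspection of a packed sample tells you little until it is unpacked or run.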

Analysis date:
4/25/2024 11:28:00 PM UTC

Scan engine             | Detection                                                      | Engine version
Lavasoft Ad-Aware       | Gen:Variant.Adware.Symmi.58416                                 | 368
Avira AntiVirus         | PUA/EDownloader.Gen4                                           | 8.3.2.4
avast!                  | Win32:Adware-gen [Adw]                                         | 2014.9-160201
AVG                     | Adware Generic_r                                               | 2017.0.2846
Bitdefender             | Gen:Variant.Adware.Symmi.58416                                 | 1.0.20.160
Bkav FE                 | W32.HfsAdware                                                  | 1.3.0.7383
Comodo Security         | Application.Win32.EDownload.WC                                 | 23690
Dr.Web                  | Adware.Downware.12296                                          | 9.0.1.032
Emsisoft Anti-Malware   | Gen:Variant.Adware.Symmi.58416                                 | 8.16.02.01.05
ESET NOD32              | Win32/ExpressDownloader.P.gen potentially unwanted application | 10.7.0.302.0
F-Prot                  | W32/S-c4b4eeef                                                 | v6.4.7.1.166
F-Secure                | Gen:Variant.Adware.Symmi                                       | 11.2016-01-02_2
G Data                  | Gen:Variant.Adware.Symmi.58416                                 | 16.2.25
K7 AntiVirus            | Adware                                                         | 13.212.18037
MicroWorld eScan        | Gen:Variant.Adware.Symmi.58416                                 | 17.0.0.96
Norman                  | Gen:Variant.Adware.Symmi.58416                                 | 11.20160201
Panda Antivirus         | Generic Suspicious                                             | 16.02.01.05
Qihoo 360 Security      | HEUR/QVM19.1.Malware.Gen                                       | 1.0.0.1077
Reason Heuristics       | PUP.Via Advertising.ViaAdvertisingGroup.Installer (M)          | 16.2.1.17
Rising Antivirus        | PE:Trojan.ExpressDownloader!1.A207 [F]                         | 23.00.65.16130
Vba32 AntiVirus         | Malware-Cryptor.General.6                                      | 3.12.26.4
VIPRE Antivirus         | Threat.5225901                                                 | 45208
Zillya! Antivirus       | Adware.BrowseFox.Win32.220979                                  | 2.0.0.2561

File size:
3.2 MB (3,399,000 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\simplefiles\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/26/2015 4:00:00 PM

Valid to:
2/26/2017 3:59:59 PM

Subject:
CN=Via Advertising Group Ltd., O=Via Advertising Group Ltd., STREET=Boumpoulinas 11, L=Nicosia, S=n/a, PostalCode=1060, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008B2BB84E7F31907B6B96E71DB3365B38

File PE Metadata
Compilation timestamp:
12/11/2015 1:26:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:ii4RfO9qTjUZC1uQ7YVxBx5b65QYGZPHIe1x82xME3dHRwWh9uEnrDB1wc7OluSK:x4osTSCc1XbZgen82xHHRLv9VOMitDvA

Entry address:
0x6FFA1E

Entry point:
60, 60, E9, 2C, BE, 00, 00, 44, 62, A4, 0C, 6B, C7, 12, FE, 8A, EC, 29, 77, 5D, 77, 65, 6B, B0, F6, 46, AD, 99, 46, 7C, DE, 2C, 32, 32, 34, 8A, 11, 47, 53, 91, F5, 9E, 19, 12, 6A, 0C, F4, CE, A8, 90, B2, A8, 52, 98, B2, 98, BA, A0, BA, 70, 56, 9B, F1, 3E, 88, 22, 64, 17, 25, 0B, 25, EA, 83, E6, FC, 86, CC, 84, 92, DF, 1D, A7, C1, 2D, 00, 81, 27, 46, 44, B6, 76, 58, 10, 2E, E6, E8, F4, 1E, 43, 9D, 4D, 4F, 83, D1, 91, 6B, EB, EE, 7A, 98, F0, F3, BE, 8A, C8, 2C, 6C, 8B, 83, 21, AC, 38, 46, A2, 99, 65, 6F, 8F...
 

Entropy:
7.9092  (probably packed)

Code size:
1.5 MB (1,588,224 bytes)
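The fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size) come straight from the COFF and optional headers, and the compilation timestamp is worth cross-checking against the signing certificate's validity window in the Digital Signature section: a build date after the certificate expired means either a forged PE timestamp or a file signed with an expired certificate. The parser below is an added example, not code from this page or from the vendor. The PE image it parses by default is constructed inline to carry this page's reported values; the 0x400000 image base used to turn the entry RVA into the listed virtual address is an assumption the page does not state. Pass a real file path to parse it instead.

```python
import struct
import sys
from datetime import datetime, timezone

# Certificate validity reported in the Digital Signature section of this page.
CERT_NOT_BEFORE = datetime(2015, 2, 26, 16, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2017, 2, 26, 15, 59, 59, tzinfo=timezone.utc)

# IMAGE_SUBSYSTEM_* values relevant here.
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(image: bytes) -> dict:
    """Extract the header fields this page reports from a PE image.

    Supports PE32 (magic 0x10b) and PE32+ (0x20b). Raises ValueError instead of
    returning partial data for anything that is not a PE file.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")

    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
    if len(image) < coff + 20:
        raise ValueError("truncated COFF header")
    _machine, _nsect, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    opt = coff + 20      # IMAGE_OPTIONAL_HEADER
    if opt_size < 70 or len(image) < opt + 70:
        raise ValueError("optional header too short")
    magic, linker_major, linker_minor, size_of_code, _init, _uninit, entry_rva = struct.unpack_from(
        "<HBBIIII", image, opt)
    if magic == 0x10B:            # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == 0x20B:          # PE32+: no BaseOfData, ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # From SectionAlignment (+32) onward the PE32 and PE32+ layouts coincide.
    os_major, os_minor = struct.unpack_from("<HH", image, opt + 40)
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]

    return {
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_address": image_base + entry_rva,   # virtual address, as the page lists it
        "code_size": size_of_code,
    }


def compile_time_vs_certificate(compiled_utc: datetime,
                                not_before: datetime = CERT_NOT_BEFORE,
                                not_after: datetime = CERT_NOT_AFTER) -> str:
    """Classify the build date against the signing certificate's validity window.

    'within-window' is the normal case. 'before-issuance' is legitimate (a
    certificate can be obtained after the build) but worth noting. 'after-expiry'
    is a red flag: the PE timestamp is forged or the file was signed with an
    expired certificate. The timestamp is attacker-controlled, so this is a
    consistency check, not proof of anything.
    """
    if compiled_utc > not_after:
        return "after-expiry"
    if compiled_utc < not_before:
        return "before-issuance"
    return "within-window"


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (no sections) carrying this page's values."""
    ts = int(datetime(2015, 12, 11, 1, 26, 58, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 224, 0x0102)  # i386, executable
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 1_588_224, 0, 0, 0x2FFA1E)  # linker 14.0, entry RVA
    opt += struct.pack("<III", 0x1000, 0, 0x400000)   # BaseOfCode, BaseOfData, ImageBase (assumed)
    opt += struct.pack("<II", 0x1000, 0x200)          # SectionAlignment, FileAlignment
    opt += struct.pack("<HHHHHH", 5, 1, 0, 0, 5, 1)   # OS 5.1, image 0.0, subsystem 5.1
    opt += struct.pack("<IIII", 0, 0, 0, 0)           # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
    opt += struct.pack("<HH", 2, 0)                   # Subsystem = Windows GUI, DllCharacteristics
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")


if __name__ == "__main__":
    image = build_sample_pe()
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    fields = parse_pe_header(image)
    for key, value in fields.items():
        print(f"{key}: {value:#x}" if key == "entry_address" else f"{key}: {value}")
    print("timestamp vs certificate:", compile_time_vs_certificate(fields["compiled_utc"]))
```

For this page the build date (12/11/2015) falls inside the certificate window, so the two facts are at least consistent. If the image base is the PE32 default of 0x400000 (an assumption; the page does not list it), the entry RVA is about 3 MB into the image, well past the 1.5 MB of code the header declares; together with the 7.9 entropy that is the usual footprint of a packer stub that unpacks the real code at run time.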

Program Uninstaller
Program name:
SimpleFiles

Display publisher:
https://www.www.simples-files.com

Display version:
15.15.52

Uninstall string:
"C:\Program Files (x86)\SimpleFiles\Uninstall.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
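For hunting, the two host names and addresses above are the usable indicators. The following is an added example, not from this page or from Reason Core Security: it scans proxy log lines for either the host name or the IP and separates a host-plus-IP hit from an IP-only hit, because an IP-only hit can be another customer on the same hosting address and is weaker evidence than a match on the name itself. The log lines are constructed in Squid's native access-log layout and are not real traffic; the cdn.ibbalance.com line is invented to show the IP-only case.

```python
import re
import sys

# Hosts and addresses this page reports the file contacting.
NETWORK_IOCS = {
    "www.softologic.com": "174.37.181.31",
    "www.ibbalance.com": "173.192.190.227",
}

# Constructed sample lines in Squid's native access-log layout (not real traffic):
# timestamp elapsed client status/code bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1461625000.123 45 10.0.0.17 TCP_MISS/200 2311 GET http://www.softologic.com/update?v=1.0.1051.1 - HIER_DIRECT/174.37.181.31 text/html
1461625001.456 12 10.0.0.17 TCP_TUNNEL/200 5120 CONNECT www.ibbalance.com:443 - HIER_DIRECT/173.192.190.227 -
1461625002.789 30 10.0.0.23 TCP_MISS/200 980 GET http://www.example.org/ - HIER_DIRECT/93.184.216.34 text/html
1461625003.001 10 10.0.0.42 TCP_MISS/404 512 GET http://cdn.ibbalance.com/x.js - HIER_DIRECT/173.192.190.227 -
"""


def indicators_in(line: str) -> dict:
    """Return the page's hosts and IPs that occur in one log line.

    Host names are matched as whole names, bounded by characters that cannot be
    part of a host name, so "cdn.ibbalance.com" or "www.ibbalance.com.evil.test"
    does not count as "www.ibbalance.com". IPs are bounded the same way so that
    "1174.37.181.31" is not a hit.
    """
    hosts, ips = set(), set()
    lowered = line.lower()
    for host, ip in NETWORK_IOCS.items():
        if re.search(r"(?<![a-z0-9.-])" + re.escape(host) + r"(?![a-z0-9.-])", lowered):
            hosts.add(host)
        if re.search(r"(?<![0-9.])" + re.escape(ip) + r"(?![0-9.])", line):
            ips.add(ip)
    return {"hosts": hosts, "ips": ips}


def scan_log(text: str) -> list:
    """Flag every line that touches an IOC, with a verdict an analyst can sort by.

    'host+ip'  : the listed name resolved to the listed address (strongest)
    'host-only': the name was requested but served from elsewhere
    'ip-only'  : some other name on the same address; weaker, since one address
                 can host unrelated customers
    """
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        found = indicators_in(line)
        if not (found["hosts"] or found["ips"]):
            continue
        paired = any(NETWORK_IOCS[h] in found["ips"] for h in found["hosts"])
        verdict = "host+ip" if paired else ("host-only" if found["hosts"] else "ip-only")
        hits.append({"line": number, "verdict": verdict,
                     "hosts": sorted(found["hosts"]), "ips": sorted(found["ips"])})
    return hits


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for hit in scan_log(text):
        print(f"line {hit['line']}: {hit['verdict']}  hosts={hit['hosts']}  ips={hit['ips']}")
```

The indicators and engine versions on this page date from 2016, so treat the addresses as historical: confirm what the names resolve to today before blocking an IP, and prefer blocking the host names, which survive a hosting move.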

Remove uninstall.exe - Powered by Reason Core Security