home

uninstall.exe

Startpage24 Startpage

Link64 GmbH

The application uninstall.exe, “Updater [Startpage24_*.exe]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program Startpage24 by Link64 which is a potentially unwanted software program.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Startpage24 Startpage

Description:
Updater [Startpage24_*.exe]

Version:
2.0.0.869

MD5:
e9632518989eea9bc4661c7fc5cbb35b

SHA-1:
dc18ecc5d31fec02551fee3bd1fb1e9917538f8b

SHA-256:
075937120e61bfa2f4eb31ad497cf3991b46ac81a79741022e19944339474c71

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 6:56:59 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.13.2

File size:
685.1 KB (701,592 bytes)

Product version:
2.0.0.869

Copyright:
(c) 2008-12 Link64 GmbH. All rights reserved.

Original file name:
Startpage24_Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\startpage24\plugin_old0\uninstall.exe

Digital Signature
Signed by:
Link64 GmbH

Authority:
Thawte, Inc.

Valid from:
2/14/2011 1:00:00 AM

Valid to:
2/13/2013 12:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=BW, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15F5E6DF4214F9A5312FC2CB4F217D16

File PE Metadata
Compilation timestamp:
10/26/2012 4:02:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:JMBFOY7qlIGKcX3swM+5WT+ACBJ/n95Ldq0K5:WBBq+GhX31M5T+AC/PLdq0K5

Entry address:
0x765D

Entry point:
E8, 22, 71, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, 40, 9F, 44, 00, E8, A1, 12, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, C4, 42, 45, 00, 03, 75, 43, 6A, 04, E8, 04, 73, 00, 00, 59, 83, 65, FC, 00, 56, E8, 72, 73, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 8E, 73, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F2, 71, 00, 00, 59, C3, 56, 6A, 00, FF, 35, F4, 20, 45, 00, FF, 15, 68, 92, 43, 00, 85, C0, 75, 16, E8, 54, 07, 00...
 
[+]

Code size:
224 KB (229,376 bytes)

The file uninstall.exe has been discovered within the following program.

Startpage24  by Link64
This adware program that plugs into the user's web browser will hijack the home and search pages.
www.startpage24.com/webpage/en
68% remove it
 
Powered by Should I Remove It?

Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.