» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

InstallCore Ltd.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe by InstallCore has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the installCore installer. This is the uninstaller utility registered in the Windows Control Panel for the program PDF Converter. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

uninstall.exe

Publisher:

InstallCore Ltd. (signed and verified)

MD5:

8a19fab0581a135fe6f2a722b7f148e7

SHA-1:

e18a125ce4710404031fd92bc65e664af26b1feb

SHA-256:

e2e74f7ad7fc679be5fcb341d8bcdfe5c23b9351168a5f565468d01ac8ecb650

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 12:49:32 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Adware InstallCore.PJ

2015.0.4522

Dr.Web

Adware.InstallCore.29

9.0.1.05190

ESET NOD32

Win32/InstallCore.BP potentially unwanted application

7.0.302.0

F-Prot

W32/InstallCore.B.gen

4.6.5.141

Reason Heuristics

PUP.installCore (M)

16.2.14.16

Sophos

PUA 'Install Core'

5.23

VIPRE Antivirus

Threat.4150696

47028

File size:

517.3 KB (529,680 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Common path:

C:\Program Files\pdfconverter\uninstall\uninstall.exe

Digital Signature

Signed by:

InstallCore Ltd.

Authority:

COMODO CA Limited

Valid from:

2/21/2012 12:00:00 AM

Valid to:

2/20/2013 11:59:59 PM

Subject:

CN=InstallCore Ltd., OU=Support, O=InstallCore Ltd., STREET=Nisim Aloni 21, L=Tel Aviv, S=N/A, PostalCode=62919, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0088971791FBF6CE4920268CDF6A0A825F

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:1/ZBywf+TBl9mvByfU73skA/DKirzcuPauKoZtmToZUeXC:hzysQZWIc7ckfifcuCDoZ+YXC

Entry address:

0x10BF10

Entry point:

60, BE, 00, 30, 49, 00, 8D, BE, 00, E0, F6, FF, C7, 87, 10, A7, 0C, 00, 7C, 1F, 6A, 0E, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

488 KB (499,712 bytes)

Program Uninstaller

Program name:

PDF Converter

Uninstall string:

C:\Program Files (x86)\PDFConverter\Uninstall\Uninstall.exe /Uninstall

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.