» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Injekt LLC

This is the uninstall module for the Injekt branded web browser extension program which injects advertising in the web browser as well as modifies the browser settings. The uninstaller is registered within Control Panel > Add/Remove Programs. The application uninstall.exe by Injekt has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Search Deals by CloudCanvas, Inc. DBA Injekt. This file is typically installed with the program Search Deals by CloudCanvas, Inc. which is a potentially unwanted software program.

File name:

uninstall.exe

Publisher:

Injekt LLC (signed and verified)

MD5:

37528b73a865968be6b570e134d9f497

SHA-1:

e3757898b7d60bc8d40bbbc58b5e2bc30cfbd0a7

SHA-256:

4dcc8952991590bc97bf7c140984f875500b8f42cb9c278b2a0b2f233f9a8ca1

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/20/2024 12:08:18 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt.J

14.8.8.3

File size:

512.8 KB (525,152 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\searchdeals2\uninstall.exe

Digital Signature

Signed by:

Injekt LLC

Authority:

VeriSign, Inc.

Valid from:

3/22/2014 8:00:00 PM

Valid to:

6/22/2015 7:59:59 PM

Subject:

CN=Injekt LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Injekt LLC, L=Carlsbad, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

22388FB3C3238D36E8B8ABBBE3903F04

File PE Metadata

Compilation timestamp:

4/17/2014 8:20:57 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:uSeZvBoFS57jv0MLOLA147S7E7xob9FZ4uBEhRspQ:TQvqlKO/e7E7xbuBEspQ

Entry address:

0x41183

Entry point:

E8, 7C, D3, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, EC, 54, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 60, 30, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, EC, 54, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03... 
[+]

Entropy:

6.3203

Code size:

380.5 KB (389,632 bytes)

Program Uninstaller

Program name:

Search Deals

Display publisher:

CloudCanvas, Inc. DBA Injekt

Display version:

2.6.78

Uninstall string:

C:\ProgramData\SearchDeals2\uninstall.exe /kb=n /ic=1

The file uninstall.exe has been discovered within the following program.

Search Deals by CloudCanvas, Inc.

This is an adware web browser extension from Creative Island Media that will display various popup and banner ads as well as modify the user's web browser search and home page settings.

www.searchdealsapp.com

80% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.