uninstall.exe

InstallCore© Installer SDK 4.1

InstallCore© Technologies

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application uninstall.exe, “InstallCore© Installer”, has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the installCore installer; however, the file is not signed with an Authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program FoxTab AVI Converter (remove only). The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.

Publisher:
InstallCore© Technologies

Product:
InstallCore© Installer SDK 4.1

Description:
InstallCore© Installer

Version:
1, 0, 0, 9

MD5:
7daac455039ed1c231144b2d32af73cd

SHA-1:
e9ff687912da17e019083cf148c74bed691f286b

SHA-256:
af53f8e6c6a2e26ac693fb400306d48bf0e9393fde3c70aed879cb2a1c430fe1

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/20/2024 1:49:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.115.36 |
| AVG | Generic4 | 2015.0.3529 |
| Bkav FE | W32.MalwaresysEI.Trojan | 1.3.0.4562 |
| Comodo Security | Heur.Suspicious | 17316 |
| Dr.Web | Trojan.DownLoader2.12839 | 9.0.1.080 |
| ESET NOD32 | Win32/InstallCore (variant) | 8.9084 |
| Fortinet FortiGate | W32/Malware_fam.NB | 3/21/2014 |
| F-Prot | W32/InstallCore.I.gen | v6.4.7.1.166 |
| K7 AntiVirus | Trojan | 13.174.10286 |
| Malwarebytes | Adware.Agent | v2014.03.21.07 |
| Norman | Suspicious_Gen2.NUNNZ | 11.20140321 |
| Reason Heuristics | PUP.Installer.InstallCoreCTechnologies.J | 14.3.21.7 |
| Sophos | Install Core Installer | 4.95 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23628 |

File size:
436.5 KB (446,976 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright InstallCore© Technology 4.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\Program Files\foxtabaviconverter\uninstall\uninstall.exe

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:mQKk5i8p6AsBviGwdI6xpOnCmOQ6sW+sOdGd9OnzEq/FMMN:wei8XGwdI6ynCmOQ6sW+nUunzEq/FMMN

Entry address:
0xEF050

Entry point:
60, BE, 00, A0, 48, 00, 8D, BE, 00, 70, F7, FF, C7, 87, 10, 77, 0A, 00, E4, 08, 72, A5, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Entropy:
7.8499

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
408 KB (417,792 bytes)

Program Uninstaller
Program name:
FoxTab AVI Converter (remove only)

Uninstall string:
C:\PROGRA~1\FOXTAB~1\Uninstall\Uninstall.exe /Uninstall


The file uninstall.exe has been seen being distributed by the following URL.
