uninstall.exe

FLV Player

Install Core

The application uninstall.exe, “FLV Player Installer” by Install Core, has been detected as adware by 35 anti-malware scanners. It is a setup program built on the installCore download manager (the InstallCore engine), which may bundle additional software offers, including ad-supported toolbars, browser extensions and utilities. It is typically executed from the user's temporary directory. The file has been seen being downloaded from apps.foxtab.com.

Publisher:
FLV Player Techno (signed by Install Core)

Product:
FLV Player

Description:
FLV Player Installer

Version:
3.1.0.0

MD5:
4779efd9cfb8d741146f68586be122f5

SHA-1:
ed776d08f73a91fb729067ab4f409b8515e4fc16

SHA-256:
2a3557bcae9110fe7729dfca7bc0886470819d5f7044d81832a521a46eac594d

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 3:47:00 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.10148196
690

Agnitum Outpost
Adtool.InstallCore.Gen.2
7.1.1

AhnLab V3 Security
Adware/Win32.FoxTab
2014.09.11

Avira AntiVirus
7.11.133.70

avast!
Win32:InstallCore-F [PUP]
2014.9-150316

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15316

Bitdefender
Trojan.Generic.10148196
1.0.20.375

Bkav FE
W32.Clod320.Trojan
1.3.0.4959

Clam AntiVirus
W32.Adware.InstallCore-2
0.98/19343

Comodo Security
ApplicUnwnt.Win32.AdWare.InstallCore.0
17832

Dr.Web
Trojan.DownLoader4.11394
9.0.1.075

Emsisoft Anti-Malware
Trojan.Generic.10148196
8.15.03.16.11

ESET NOD32
Win32/InstallCore (variant)
9.9459

Fortinet FortiGate
Riskware/InstallCore
3/16/2015

F-Prot
W32/Agent.MC.gen
v6.4.7.1.166

F-Secure
Trojan.Generic.10148196
11.2015-16-03_2

G Data
Trojan.Generic.10148196
15.3.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.7.5.0

K7 AntiVirus
Riskware
13.176.11239

Malwarebytes
Adware.Agent
v2015.03.16.11

McAfee
Artemis!4779EFD9CFB8
5600.6824

MicroWorld eScan
Trojan.Generic.10148196
16.0.0.225

NANO AntiVirus
Trojan.Win32.Agent.bxnsxq
0.28.0.57630

nProtect
Trojan.Generic.10148196
14.02.23.01

Qihoo 360 Security
Win32/Application.8ab
1.0.0.1015

Quick Heal
Trojan.Rimod.A8
3.15.14.00

Reason Heuristics
PUP.Installer.ironSource
15.3.17.0

Rising Antivirus
PE:PUF.InstallCore!1.9DE1
23.00.65.15314

Sophos
Install Core Installer
4.97

SUPERAntiSpyware
Adware.InstallCore
9993

Trend Micro House Call
TROJ_SPNR.29C513
7.2.75

Trend Micro
TROJ_SPNR.29C513
10.465.16

Vba32 AntiVirus
Trojan.Genome.aa
3.12.24.3

VIPRE Antivirus
InstallCore
26756

Zillya! Antivirus
Adware.InstallCore.Win32.18
2.0.0.1914

File size:
477.5 KB (488,968 bytes)

Product version:
3.1.0.0

Copyright:
Copyright © InstallCore

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\uninstall.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
2/1/2011 7:00:00 PM

Valid to:
2/2/2012 6:59:59 PM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:OgWEZXf8EqX1sTdfWfL/UPkpl2R/iA+eF5IMMigHgH:OVA0EqX1sTdebU8psR/HlF5IMMiGgH

Entry address:
0x508520

Entry point:
60, BE, 00, 00, 8A, 00, 8D, BE, 00, 10, B6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
420 KB (430,080 bytes)

The file uninstall.exe has been seen being distributed by the following URL.
