» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

ContentExplorer Uninstaller

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application uninstall.exe, “ContentExplorer Uninstall” by Lake Ventures has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This is the uninstaller utility registered in the Windows Control Panel for the program ContentExplorer by ContentExplorer.net. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.

File name:

uninstall.exe

Publisher:

ContentExplorer.net (signed by Lake Ventures LLC)

Product:

ContentExplorer Uninstaller

Description:

ContentExplorer Uninstall

Version:

1.0.0.0

MD5:

262878f1fd85d73b4d7a56e963c67702

SHA-1:

f5b357446c3623ed80dcae8251b82b73f83689e8

SHA-256:

18177b5bb1209d360a85cf40e9079b1cdb02302c08c5f533dbb72a4adbddc966

Scanner detections:

18 / 68

Status:

Adware

Explanation:

Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/16/2024 7:54:18 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.InstallBrain

2.1.4+

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

avast!

Win32:IBryte-MC [PUP]

2014.9-160211

Baidu Antivirus

Adware.Win32.iBryte

4.0.3.16211

Bkav FE

W32.HfsAdware

1.3.0.7062

Comodo Security

ApplicUnwnt

23010

Dr.Web

Trojan.iBryte.501

9.0.1.042

ESET NOD32

MSIL/Adware.iBryte.T application

10.7.0.302.0

F-Secure

Suspicious:W32/Malware.42127319c2!Online

11.2016-11-02_5

G Data

Win32.Application.Agent.60OZMS

16.2.25

IKARUS anti.virus

PUA.Downloader

t3scan.1.7.8.0

NANO AntiVirus

Riskware.Win32.BPlug.djpkri

0.30.0.65070

Panda Antivirus

Generic Suspicious

16.02.11.08

Quick Heal

PUA.Lakeventur.Gen

2.16.14.00

Reason Heuristics

PUP.Adknowledge.LakeVentures.Bundler (M)

16.2.11.8

Sophos

Generic PUA EC

4.98

Trend Micro House Call

Suspicious_GEN.F47V0129

7.2.42

VIPRE Antivirus

Threat.5064620

42326

File size:

127.7 KB (130,800 bytes)

Product version:

1.0.0.0

Original file name:

uninstall.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\contentexplorer\uninstall.exe

Digital Signature

Signed by:

Lake Ventures LLC

Authority:

GoDaddy.com, Inc.

Valid from:

12/17/2013 4:22:44 PM

Valid to:

12/17/2014 4:22:44 PM

Subject:

CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B14BBCA37F140

File PE Metadata

Compilation timestamp:

12/7/2014 1:45:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:hrKlYnBKFvSheyMaf8buKfoO/7HpS1BjFy9:RKqnBKFvSheyMakbnoO/7HpS1BBy9

Entry address:

0x1E50E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5581

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

113.5 KB (116,224 bytes)

Program Uninstaller

Program name:

ContentExplorer

Display publisher:

ContentExplorer.net

Display version:

8.4

Uninstall string:

C:\users\{user}\appdata\roaming\contentexplorer\uninstall.exe

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.