uninstall.exe

Installer

Connection Directory Inc.

The application uninstall.exe by Connection Directory has been detected as a potentially unwanted program by 26 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program SimpleFiles by https://www.www.simples-files.com. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
New Monte Inc  (signed by Connection Directory Inc.)

Product:
Installer

Version:
1, 0, 1051, 1

MD5:
a9cb34bbd50fb6b7af1d0a3cd18c3a72

SHA-1:
fc621a5981b9e692c961775609677afaae748027

SHA-256:
83e23e3847b0d32b00ba7ac15f4f4733c809fdcbf1726ab33b2a1846245a66d9

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 9:07:49 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.61 | 354
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.Installer | 2015.12.09
Avira AntiVirus | PUA/EDownloader.Gen4 | 8.3.2.4
avast! | Win32:Adware-gen [Adw] | 2014.9-160215
AVG | Adware Generic_r | 2017.0.2832
Bitdefender | Gen:Variant.Application.Bundler.61 | 1.0.20.230
Bkav FE | HW32.Packed | 1.3.0.7383
Clam AntiVirus | Win.Trojan.Agent-951332 | 0.98/21136
Comodo Security | Application.Win32.EDownload.WC | 23690
Dr.Web | Adware.Downware.13160 | 9.0.1.046
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.61 | 8.16.02.15.07
ESET NOD32 | Win32/ExpressDownloader.S potentially unwanted application | 10.7.0.302.0
F-Prot | W32/Amonetize.AT.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.707065 | 11.2016-15-02_2
G Data | Gen:Variant.Application.Bundler.61 | 16.2.25
K7 AntiVirus | Adware | 13.212.18027
MicroWorld eScan | Gen:Variant.Application.Bundler.61 | 17.0.0.138
NANO AntiVirus | Riskware.Win32.Downware.dyhbgs | 1.0.10.5081
Norman | Gen:Variant.Application.Bundler.61 | 11.20160215
Panda Antivirus | Trj/Genetic.gen | 16.02.15.07
Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.ViaAdvertising.ConnectionDirectory.Installer (M) | 16.2.15.19
Rising Antivirus | PE:Trojan.ExpressDownloader!1.A207 [F] | 23.00.65.16213
VIPRE Antivirus | Threat.4150696 | 45588
Zillya! Antivirus | Adware.BrowseFox.Win32.213715 | 2.0.0.2548

File size:
4.4 MB (4,646,536 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\simplefiles\uninstall.exe

Digital Signature
Authority:
Connection Directory Inc.

Valid from:
1/5/2016 10:57:24 PM

Valid to:
1/4/2017 10:57:24 PM

Subject:
CN=Connection Directory Inc., OU=Connection Directory Inc., O=Connection Directory Inc., S=Glasgow, C=UK

Issuer:
CN=Connection Directory Inc., C=UK, S=Glasgow, L=Glasgow, E=admin@connectiondirector.com, OU=Connection Directory Inc., O=Connection Directory Inc.

Serial number:
100001

File PE Metadata
Compilation timestamp:
12/11/2015 5:26:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:1Q+KC983I+SLzMQ8lLLM/ymeuE3UlTZ0viLBHvs7e/vqhw9Sy2Fq6BiI/o:m3IVMbln+ymejOZEiLxvrH3jrI/o

Entry address:
0x5716A0

Entry point:
68, FF, D3, 30, C5, E8, F5, B0, FE, FF, C3, BD, 67, F0, CF, 3C, 66, 98, CF, 0D, 68, C8, 67, F0, 34, E6, DC, 67, 30, 9F, EF, 06, 98, CF, E5, 8D, 3C, 98, 8F, 3D, 1D, 05, 98, 0F, EF, FF, 83, 67, 30, 0D, 55, 84, 67, 30, 5E, 05, 7B, 98, 4F, 16, 89, 4B, 98, 8F, E6, AC, 3F, 98, 4F, 53, F2, 66, 67, B0, F7, DE, 59, 67, 70, C3, 9C, 42, 67, 70, C3, 61, A8, 98, 0F, D6, B3, AB, EA, CB, A2, 98, 8F, F2, 58, 67, F0, ED, 3F, E3, 98, 0F, 4F, 8E, E0, 34, BB, 7F, 0F, CF, 8F, 1B, FE, F0, B0, 80, BF, 0F, 0F, BE, 11, 81, 0F, 4F...
 

Entropy:
7.9402  (probably packed)

Code size:
4.2 MB (4,394,496 bytes)

Program Uninstaller
Program name:
SimpleFiles

Display publisher:
https://www.www.simples-files.com

Display version:
15.16.01

Uninstall string:
"C:\Program Files\SimpleFiles\Uninstall.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
