uninstall.exe

Magnetbyte

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application uninstall.exe by Magnetbyte has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This is the uninstaller utility registered in the Windows Control Panel for the program BrowserSafeguard with RocketTab by BrowserSafeguard with RocketTab.

Publisher:
Magnetbyte  (signed and verified)

Version:
1.0.5364.13552

MD5:
1700fd76cd66b9a0b81a63a9548a26a9

SHA-1:
fd8841e66ca1eee18ebd94eb77509d61b352fd95

SHA-256:
0cd21199c3bef9ee80401cd1a28cd6d583f980648e990933392371ffefa1ae42

Scanner detections:
9 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 10:20:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Magnetbyte | 2015.0.3282 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.141122 |
| Comodo Security | ApplicUnwnt | 19774 |
| ESET NOD32 | MSIL/Adware.iBryte (variant) | 8.10548 |
| McAfee | Adware-RocketTab | 5600.6938 |
| Reason Heuristics | PUP.Magnetbyte.J | 14.11.22.17 |
| Sophos | Generic PUA PN | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0914 | 7.2.326 |
| VIPRE Antivirus | AdKnowledge | 33838 |

File size:
3.7 MB (3,875,552 bytes)

Product version:
1.0.5364.13552

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\Program Files\rockettab\uninstall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/14/2014 2:00:00 AM

Valid to:
7/15/2015 1:59:59 AM

Subject:
CN=Magnetbyte, O=Magnetbyte, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5AAA80E984DD62B451B13725DB02F3B5

File PE Metadata
Compilation timestamp:
9/8/2014 10:32:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:WrlDumhE2wHc1Xa3zITJPwLJVor73hVMQiHRmXBS9ScNU+y7b3fkN9wNNxvwO4YU:Wr0mhEhd8NoLPor7Ri1RUqyL3fsaHGYU

Entry address:
0x3A817B

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.6 MB (3,826,176 bytes)

Program Uninstaller
Program name:
BrowserSafeguard with RocketTab

Display publisher:
BrowserSafeguard with RocketTab

Uninstall string:
"C:\Program Files (x86)\RocketTab\uninstall.exe" /u=true /UserID=e2a0fcdc-1bd8-4b10-ac81-1d06d3d2ec97 /SourceID=google_downloadadit.com|google_buildcraft-display-DE-CPC-468x60-41063498768 /Implementat

