__uninstall_.exe

JumpyApps

The application __uninstall_.exe by JumpyApps has been detected as adware by 14 anti-malware scanners. It is the uninstaller utility registered in the Windows Control Panel for the program FLV Player. The file is a bundle distribution: a setup application that uses the installCore download manager to distribute this potentially unwanted software. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions.
Publisher:
JumpyApps  (signed and verified)

MD5:
52f933eea35c7797456da41c7815fa9b

SHA-1:
4fb995ef0201c5b080a81341ff5ef611f4e1a6bf

SHA-256:
4d4a5b573c42d549642f0c015a70ef6457ac3e50ecff6a71be29cc3a42b26d34

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 7:54:53 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.DownloadManager | 2014.10.31 |
| Avira AntiVirus | | 7.11.182.78 |
| AVG | Adware InstallCore.JD | 2014.0.4040 |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.KE potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.InstallCore | 14.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.185.13853 |
| NANO AntiVirus | Trojan.Win32.Kryptik.cwezfs | 0.28.6.62995 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.JumpyApps.M | 14.10.29.16 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141028 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | Threat.4786018 | 34232 |

File size:
1.2 MB (1,299,344 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\Program Files\flvplayer\uninstall\__uninstall_.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/18/2013 2:00:00 AM

Valid to:
2/19/2014 1:59:59 AM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:nAxR579xLA1Be/CFJ70Mxc+Dhme5CfNd:uRjxLm8/CTfaIFCfn

Entry address:
0x8440

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, F0, 89, 45, EC, B8, 08, 84, 40, 00, E8, 48, C8, FF, FF, 33, C0, 55, 68, BD, 84, 40, 00, 64, FF, 30, 64, 89, 20, E8, 51, A2, FF, FF, 85, C0, 7E, 33, 8D, 55, F0, B8, 09, 00, 00, 00, E8, A0, A2, FF, FF, 8B, 45, F0, 50, B8, 64, 00, 00, 00, E8, EA, A2, FF, FF, 8D, 55, EC, E8, 42, D5, FF, FF, 8B, 55, EC, 58, E8, 5D, B0, FF, FF, 75, 05, E8, B2, FE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, C4, 84, 40, 00, 8D, 45, EC, BA, 02, 00, 00, 00, E8, 78, AD, FF, FF, C3, E9, 0E, A8...

Developed / compiled with:
Microsoft Visual C++

Code size:
29.5 KB (30,208 bytes)

Program Uninstaller
Program name:
FLV Player

Uninstall string:
C:\Program Files\FLVPlayer\Uninstall\__Uninstall_.exe /RSF /Uninstall