home

__uninstall_.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application __uninstall_.exe by JumpyApps has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
JumpyApps  (signed and verified)

MD5:
fb2140c291c48d9e1732d1ea00026098

SHA-1:
60a89e921b8034458a666d67fc15624e14e995f1

SHA-256:
c68610413e0c21f10e9a81da9c12b72e41ebc7defe71c882c3ea46a392f39517

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/19/2024 12:06:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2070654
6382076

Agnitum Outpost
Trojan.Injected
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.125.180

Bitdefender
Trojan.GenericKD.1745080
1.0.20.100

Dr.Web
Trojan.Packed.24524
9.0.1.05190

Emsisoft Anti-Malware
Trojan.GenericKD.2070654
9.0.0.4799

ESET NOD32
Win32/InstallCore.GZ potentially unwanted application
7.0.302.0

F-Prot
W32/A-f7a98f1b
v6.4.7.1.166

F-Secure
Trojan.GenericKD.2070654
5.13.68

G Data
Win32.Application.InstallCore
15.1.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.183.13550

MicroWorld eScan
Trojan.GenericKD.1745080
16.0.0.60

Norman
Trojan.GenericKD.1745080
03.12.2014 13:20:04

nProtect
Trojan.GenericKD.1745080
14.07.29.01

Reason Heuristics
PUP.ironSource
15.1.20.21

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15118

Sophos
PUA 'Install Core Click run software'
5.09

VIPRE Antivirus
InstallCore
24890

Zillya! Antivirus
Trojan.Injected.Win32.6
2.0.0.1906

File size:
1.2 MB (1,302,008 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\__uninstall_.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/18/2013 11:00:00 AM

Valid to:
2/19/2014 10:59:59 AM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/20/1992 9:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:00JV1cO3M7gwBfZB37JSbqk26JhOUNzbQoPK8ZvcT9ilFJrzio4xOj:0C1p0fZB37JSOk25UNzbQonGTYDJrz7R

Entry address:
0x9B24

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove __uninstall_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.