uninstaller.exe

Gem Grab

The application uninstaller.exe by Gem Grab has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Gem Grab by Gem Grab. This file is typically installed with the program Gem Grab by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Gem Grab  (signed and verified)

Version:
2.0.5690.42111

MD5:
cc326ca5a53e0d56955769f2bd210ca5

SHA-1:
51bc6168c5b2ee643dc3c53ab5e5ab12de5b7fba

SHA-256:
87a8d6ff50254949757742c5af7185a0ced55aa99b40d0d58821c5760d1fffe1

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 2:48:20 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/BrowseFox.Gen | 8.3.1.6
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1583
Clam AntiVirus | Win.Adware.Browsefox-725 | 0.98/20758
ESET NOD32 | Win32/BrowseFox.AZ potentially unwanted application | 7.0.302.0
herdProtect (fuzzy) | | 2015.9.6.9
K7 AntiVirus | Riskware | 13.207.16756

File size:
305.6 KB (312,912 bytes)

Product version:
2015.07.31

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Program Files\gem grab\uninstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/9/2015 2:00:00 AM

Valid to:
7/9/2016 1:59:59 AM

Subject:
CN=Gem Grab, O=Gem Grab, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
095FE5E97BD1FCE40B45EDA86B46ECD9

File PE Metadata
Compilation timestamp:
6/5/2014 1:58:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:iQ34Co8K/vKnM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2p:4CS/CnM3D0Fw/tN8dkmLtpHHHrh7C

Entry address:
0x31E4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00...
 

Entropy:
7.9355

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
Gem Grab

Display publisher:
Gem Grab

Display version:
2.0.5690.42111

Uninstall string:
"C:\Program Files\Gem Grab\uninstaller.exe"


The file uninstaller.exe has been discovered within the following program.

Gem Grab  by Yontoo Technology, Inc.
www.gemgrab.net/support
81% remove it
 
Powered by Should I Remove It?
