» windowadvertisementuninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (1)

windowadvertisementuninstall.exe

windowadvertisementUninstall

enliple Ltd.

The application windowadvertisementuninstall.exe by enliple has been detected as a potentially unwanted program by 12 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program WindowAdvertisement by WindowAdvertisement. This file is typically installed with the program WindowAdvertisement by enliple Ltd which is a potentially unwanted software program. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from windowadvertisementad.co.kr.

File name:

Publisher:

enliple Ltd. (signed and verified)

Product:

windowadvertisementUninstall

Version:

7.07

MD5:

9f7bad12d677761534a87c0f738c1138

SHA-1:

226f8d986d1c3174a834f91699a54c030eb2a222

SHA-256:

d5d64b883a49e4484e4ef30929a16951eae9efce35459b8c00c4d1ba0d23527d

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:01:20 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1646047

1016

Bitdefender

Trojan.GenericKD.1646047

1.0.20.575

Emsisoft Anti-Malware

Trojan.GenericKD.1646047

8.14.04.25.02

F-Secure

Trojan.GenericKD.1646047

11.2014-25-04_6

G Data

Trojan.GenericKD.1646047

14.4.24

IKARUS anti.virus

Trojan.VBCrypt

t3scan.1.6.1.0

McAfee

Artemis!9F7BAD12D677

5600.7150

MicroWorld eScan

Trojan.GenericKD.1646047

15.0.0.345

NANO AntiVirus

Trojan.Win32.XPACK.cupwlr

0.28.0.59492

nProtect

Trojan.GenericKD.1646047

14.04.21.01

Reason Heuristics

PUP.enliple.CC

14.4.25.2

Trend Micro House Call

TROJ_GEN.F47V0118

7.2.115

File size:

427.9 KB (438,120 bytes)

Product version:

7.07

Trademarks:

windowadvertisementUninstall

Original file name:

uninst.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\windowadvertisementuninstall.exe

Digital Signature

Signed by:

enliple Ltd.

Authority:

Thawte, Inc.

Valid from:

6/26/2013 9:00:00 AM

Valid to:

6/27/2015 8:59:59 AM

Subject:

CN=enliple Ltd., OU=Internet Dept, O=enliple Ltd., L=Guro-gu, S=SEOUL, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

178A151BFE91D2CFD345640D3EE64736

File PE Metadata

Compilation timestamp:

1/15/2014 11:56:31 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:cA0CRPFBH8Bj0NlNg6Sf+s7FaPIA0CRPFBH8Bj0NlNg6Sf+s7b:/0CR9B8BjGNg6Sf+UaPD0CR9B8BjGNgd

Entry address:

0x1C48

Entry point:

68, AC, C1, 42, 00, E8, F0, FF, FF, FF, 00, 00, 78, 00, 00, 00, 30, 00, 00, 00, 70, 00, 00, 00, 50, 00, 00, 00, 3B, 34, 8D, F4, 12, 16, 23, 42, 97, F2, E3, 60, D8, F8, 1D, 50, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 77, 69, 6E, 64, 6F, 77, 61, 64, 76, 65, 72, 74, 69, 73, 65, 6D, 65, 6E, 74, 55, 6E, 69, 6E, 73, 74, 61, 6C, 6C, 00, 73, 5C, 73, 77, 69, 6E, 64, 6F, 77, 61, 64, 76, 65, 72, 74, 69, 73, 65, 6D, 65, 6E, 74, 55, 6E, 69, 6E, 73, 74, 61, 6C, 6C, 00, 61, 74, 69, 00, 6E, 0D, 0A... 
[+]

Entropy:

5.6624

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

244 KB (249,856 bytes)

Program Uninstaller

Program name:

WindowAdvertisement

Display publisher:

WindowAdvertisement

Display version:

8.3.0

Uninstall string:

C:\Program Files (x86)\WindowAdvertisement\uninst.exe

The file windowadvertisementuninstall.exe has been discovered within the following program.

WindowAdvertisement by enliple Ltd

The software runs unwanted processes or programs on the user's computer and does not display adequate disclosures about its behavior.

75% remove it

The file windowadvertisementuninstall.exe has been seen being distributed by the following URL.

http://windowadvertisementad.co.kr/winadpartner/.../windowadvertisementUninstall.exe

Remove windowadvertisementuninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.