home

your uninstaller! 2013.exe

Your Uninstaller! 7

URSoft, Inc.

The application your uninstaller! 2013.exe, “Your Uninstaller! 7 Setup ” by URSoft has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from dl2.ursoftware.com.
Publisher:
URSoft, Inc.   (signed by URSoft, Inc.)

Product:
Your Uninstaller! 7

Description:
Your Uninstaller! 7 Setup

Version:
7.5.2013.2

MD5:
ca83cfd946ec1581ecd687c87afcb7d2

SHA-1:
39cafd4db4d501b81ef3ff4acd413df5fa289672

SHA-256:
79f9c42ede05bed612523ba7cd367d62a0ce31667309cd9ac9e3e675d490a280

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 4:06:36 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Babylon.15
9.0.1.0177

ESET NOD32
Win32/Toolbar.Babylon
8.9848

K7 AntiVirus
Trojan
13.178.12184

McAfee
Artemis!CA83CFD946EC
5600.7087

Reason Heuristics
PUP.Optional.Installer.W
14.6.26.19

File size:
7.6 MB (7,931,568 bytes)

Product version:
7.5.2013.2

Copyright:
Copyright © 1998-2012 URSoft, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Signed by:
URSoft, Inc.

Authority:
COMODO CA Limited

Valid from:
3/6/2012 3:00:00 AM

Valid to:
3/7/2015 2:59:59 AM

Subject:
CN="URSoft, Inc.", O="URSoft, Inc.", STREET=7241 W. Addison, L=Chicago, S=IL, PostalCode=60634, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D52C7CF5E69A633AC3AED0E78F988DC

File PE Metadata
Compilation timestamp:
12/25/2011 12:18:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:JyaCKvV7a0ZXQwJHdOMRdzLikr0wWC73v1AboEfH:nCKVJBdOMLikr0wW2vib5

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, B0, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, B0, D6, 41, 00, B2, 01...
 
[+]

Entropy:
7.9869

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file your uninstaller! 2013.exe has been seen being distributed by the following URL.

http://dl2.ursoftware.com/.../dl.php?pid=yu2010

Remove your uninstaller! 2013.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.