home

addonsui.exe

WindApp

Windapp

The application addonsui.exe, “WindApp installer” by Windapp has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program WindApp (remove only) by Nosibay which is a potentially unwanted software program. The file has been seen being downloaded from gb-cdn.windapp.net and multiple other hosts.
Publisher:
Nosibay  (signed by Windapp)

Product:
WindApp

Description:
WindApp installer

Version:
3.0.643.0.61202

MD5:
04051c9bdb00fee256dfc5e36e23c554

SHA-1:
b1afd167d824670f85aac34d82d3062e4b1e5367

SHA-256:
ad34e4e37e6fdcb2136dbc9dbe2fd8927f64681b1d4a0044233d1f6ec3927ed8

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 4:14:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Nosibay.Installer.Meta (M)
15.6.19.11

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
410.6 KB (420,440 bytes)

Copyright:
© Store

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\store\windapp\tmp\updates\addonsui.exe

Digital Signature
Signed by:
Windapp

Authority:
Windapp

Valid from:
7/24/2014 1:07:07 PM

Valid to:
12/31/2039 11:59:59 PM

Subject:
CN=Windapp

Issuer:
CN=Windapp

Serial number:
07D00BC1D3269EAF4C01F64E3E80D0E6

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:me34/pZNmWP6YHey2ZYc6Hknq73ZX8wjveEtt2NB6+shLfXc0Ff2I03bf:a1mbYz2TqNyEWfXshbN2fj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9530

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file addonsui.exe has been discovered within the following program.

WindApp (remove only)  by Nosibay
WindApp is an web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.
81% remove it
 
Powered by Should I Remove It?

The file addonsui.exe has been seen being distributed by the following 4 URLs.

http://gb-cdn.windapp.net/dld/update/2014_07_25/.../AddonsUI.exe

http://it-cdn.windapp.net/dld/update/2014_07_25/.../AddonsUI.exe

http://es-cdn.windapp.net/dld/update/2014_07_25/.../AddonsUI.exe

http://fr-cdn.windapp.net/dld/update/2014_07_25/.../AddonsUI.exe

Remove addonsui.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.