betweenlinesuninstaller.exe

Zip Path

The application betweenlinesuninstaller.exe by Zip Path has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from install.betweenlinesnow.com.
Publisher:
Zip Path  (signed and verified)

Version:
1.0.0.0

MD5:
9993929c99d53f70fdede795f10b72af

SHA-1:
b0abee71d7e080e07536ebd6118fa31bdbd6f515

SHA-256:
8a637cb54f6e294f806651171a488f0f8336e288614f87cd25cd4a267bde7132

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:40:16 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.ZipPath.Installer (M)

Engine version:
16.3.29.17

File size:
547.7 KB (560,824 bytes)

Product version:
1.0.0.0

Original file name:
Between Lines Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\betweenlinesuninstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/28/2016 10:00:00 PM

Valid to:
1/28/2017 9:59:59 PM

Subject:
CN=Zip Path, O=Zip Path, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57DB7C60F42E781BF49C0CFF82E07EBD

File PE Metadata
Compilation timestamp:
3/22/2016 7:19:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:FsN/LF/zagV6aFk4ZOimI8w3q5jOh4DvWSPVMaGZniSOMimpBK5B2cQr0tZ5/air:FsN/LF/zagV6a64oiXw+dsYQr5l058z

Entry address:
0x86EEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
532 KB (544,768 bytes)

The file betweenlinesuninstaller.exe has been seen being distributed by the following URL.
