uninst.exe

DLNow Setup

Logixoft

The application uninst.exe by Logixoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program DLNow 1.2 by Logixoft. The file has been seen being downloaded from secure.avangate.com and multiple other hosts.
Publisher:
Logixoft  (signed and verified)

Product:
DLNow Setup

Version:
1.2.0.0

MD5:
fdc3b2c4c17cf814c7f4d95adad78042

SHA-1:
10e64b3824ad3e540c1a488e7fb82abda6af4c3d

SHA-256:
378ad00618498fd51830e956313c23644a7811d5ef043ac5a960af868fb66e0b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/16/2024 12:28:15 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Logixoft.Installer (M)

Engine version:
15.8.12.13

File size:
26.3 MB (27,604,040 bytes)

Product version:
1.2.0.0

Copyright:
Copyright (C) 2015 Logixoft

Original file name:
dlnow_setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dlnow\uninst.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/11/2013 2:00:00 AM

Valid to:
4/11/2016 1:59:59 AM

Subject:
CN=Logixoft, O=Logixoft, STREET="14, rue Marie-Rose le Bloch", L=QUIMPER, S=Bretagne, PostalCode=29000, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5B18B568174DC2D647EC70ED13CCBB8D

File PE Metadata
Compilation timestamp:
7/27/2015 6:10:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:hXfJXPFNaVvqUwP+AXpW+G0XJnGj4ou7LMl45S7RSn/vUinmz3r4Ykiwd7yn2dCH:JhfFUVvHwPF53f0j7RKDyDDrn2pt8

Entry address:
0x77FE

Entry point:
E8, B6, 29, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 88, 81, 41, 00, 89, 0D, 84, 81, 41, 00, 89, 15, 80, 81, 41, 00, 89, 1D, 7C, 81, 41, 00, 89, 35, 78, 81, 41, 00, 89, 3D, 74, 81, 41, 00, 66, 8C, 15, A0, 81, 41, 00, 66, 8C, 0D, 94, 81, 41, 00, 66, 8C, 1D, 70, 81, 41, 00, 66, 8C, 05, 6C, 81, 41, 00, 66, 8C, 25, 68, 81, 41, 00, 66, 8C, 2D, 64, 81, 41, 00, 9C, 8F, 05, 98, 81, 41, 00, 8B, 45, 00, A3, 8C, 81, 41, 00, 8B, 45, 04, A3, 90, 81, 41, 00, 8D, 45, 08, A3, 9C, 81, 41...
 

Code size:
67.5 KB (69,120 bytes)

Program Uninstaller
Program name:
DLNow 1.2

Display publisher:
Logixoft

Display version:
1.2

Uninstall string:
"C:\Program Files (x86)\DLNow\uninst.exe" /u


The file uninst.exe has been seen being distributed by the following 4 URLs.

https://secure.avangate.com/affiliate.php?ACCOUNT=LOGIXOFT&AFFILIATE=678&PATH=http://.../rkfree_setup.exe
