uninst.exe

It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Powered.
MD5:
565a4283eebb1251553d982ff0c64876

SHA-1:
abbf79b0f5e18b79cdf0e68533c6fad1664c37e7

SHA-256:
d53fbf086f3095ef3717653372d598a19059872048dc2f5045b1f0a0726a3795

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/24/2024 2:05:38 AM UTC

Scan engine
Detection
Engine version

McAfee
PUP-FPD
5600.6116

Qihoo 360 Security
HEUR/QVM05.1.0000.Malware.Gen
1.0.0.1120

File size:
2.2 MB (2,266,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\{55a763fb-710f-0f43-1c97-2aab38ffd633}\uninst.exe

File PE Metadata
Compilation timestamp:
6/15/2014 2:20:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1EF4F0

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 66, 5E, 00, E8, 58, F4, E1, FF, A1, B0, 4D, 5F, 00, 8B, 00, E8, 10, 00, FD, FF, 8B, 0D, 24, 4E, 5F, 00, A1, B0, 4D, 5F, 00, 8B, 00, 8B, 15, 40, A8, 5C, 00, E8, 10, 00, FD, FF, A1, B0, 4D, 5F, 00, 8B, 00, E8, 60, 01, FD, FF, E8, F3, 9E, E1, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (2,021,376 bytes)

2 Program Uninstaller
Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{55a763fb-710f-0f43-1c97-2aab38ffd633}\uninst.exe" -fn=""-p=\uninstall \s \noun \delselfdir

Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{77654139-53cd-2d81-3e55-08691a3df4f1}\uninstall.exe" \uninstall \s \noun


Scheduled Task
Task name:
{89C21C2F-314C-488D-B6E7-FDD5E45376CE}

Trigger:
Daily (Runs daily at 10:09 AM)


The executing file has been seen to make the following network communications in live environments.

