uninst.exe

uninst.exe runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. It is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Powered.
MD5:
a8c86df4d7f04fea89b890cef1a02a33

SHA-1:
ac1ba0abf66a2467ec135d68698a1cdc74da9f32

SHA-256:
3e40f247bcb407d74b6f8f6792919930755846ad4ee2643b0ffafdac3fa83d79

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 5:10:09 PM UTC

Scan engine          Detection                         Engine version
McAfee               PUP-FPD                           5600.6094
Qihoo 360 Security   HEUR/QVM05.1.0000.Malware.Gen     1.0.0.1120
Rising Antivirus     Malware.Heuristic!ET#94% (rdm+)   23.00.65.17313

File size:
2.2 MB (2,301,440 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\{3d720b2e-19da-6796-7442-427e502abee6}\uninst.exe

File PE Metadata
Compilation timestamp:
10/8/2015 1:25:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1F73D8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 08, EB, 5E, 00, E8, 54, 6A, E1, FF, A1, 10, CE, 5F, 00, 8B, 00, E8, 28, 90, FD, FF, 8B, 0D, 34, CF, 5F, 00, A1, 10, CE, 5F, 00, 8B, 00, 8B, 15, 68, 8A, 5D, 00, E8, 28, 90, FD, FF, A1, 10, CE, 5F, 00, 8B, 00, E8, 78, 91, FD, FF, E8, F3, 1A, E1, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
2 MB (2,054,144 bytes)

Program Uninstaller (3 entries)
Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{3d720b2e-19da-6796-7442-427e502abee6}\uninst.exe" -fn=""-p=\uninstall \s \noun \delselfdir

Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{99b4afe8-bd1c-c350-d084-e6b8f4ec1a20}\uninstall.exe" \uninstall \s \noun

Program name:
Chromium

Display publisher:
Chromium

Display version:
51.0.2683.0

Uninstall string:
"C:\users\{user}\appdata\local\{5632606e-729a-0cd6-1f02-293e3b6ad5a6}\uninstall.exe" \uninstall \s \noun \delselfdir


Scheduled Task
Task name:
{04AB9409-A8FB-4F51-98DA-C238D08766F1}

Trigger:
Daily (Runs daily at 16:51)

Network Communications
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-212-5.compute-1.amazonaws.com  (54.225.212.5:80)

TCP (HTTP):
Connects to ec2-23-21-246-202.compute-1.amazonaws.com  (23.21.246.202:80)

TCP (HTTP SSL):
Connects to geoip-zlb.vips.scl3.mozilla.com  (63.245.215.82:443)

TCP (HTTP):
Connects to server-54-230-59-157.gru1.r.cloudfront.net  (54.230.59.157:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (52.216.16.24:80)

TCP (HTTP):
Connects to ec2-54-225-136-136.compute-1.amazonaws.com  (54.225.136.136:80)

TCP (HTTP):
Connects to ec2-23-21-215-187.compute-1.amazonaws.com  (23.21.215.187:80)

TCP (HTTP):
Connects to ec2-107-21-124-225.compute-1.amazonaws.com  (107.21.124.225:80)

Scan uninst.exe - Powered by Reason Core Security