uninst.exe

It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Powered.
MD5:
9b46cba2bae47fe40fffba10b9570faa

SHA-1:
cbdcdeef75d33e7b9f12352c7dee63c6c937d291

SHA-256:
84c442fd55dbecd91f6f74b40608a66bb15a444683ce8aa91f4653343b922819

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 12:38:07 PM UTC

Scan engine | Detection | Engine version
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic | 14.0.0.-1117
McAfee | PUP-FPD | 5600.6134
Qihoo 360 Security | HEUR/QVM05.1.0000.Malware.Gen | 1.0.0.1120

File size:
2.8 MB (2,904,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\{dc33ea6f-f89b-86d7-9503-a33fb16b5fa7}\uninst.exe

File PE Metadata
Compilation timestamp:
12/15/2015 5:57:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x28B2A8

Entry point:
55, 8B, EC, 83, C4, F0, B8, BC, 3B, 68, 00, E8, D8, 29, D8, FF, A1, 50, 0E, 69, 00, 8B, 00, E8, 0C, CC, F1, FF, 8B, 0D, 6C, 0E, 69, 00, A1, 50, 0E, 69, 00, 8B, 00, 8B, 15, FC, 04, 5B, 00, E8, 0C, CC, F1, FF, A1, 50, 0E, 69, 00, 8B, 00, E8, 64, CD, F1, FF, E8, B3, DA, D7, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.5 MB (2,663,424 bytes)

3 Program Uninstaller
Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{dc33ea6f-f89b-86d7-9503-a33fb16b5fa7}\uninst.exe" -fn=""-p=\uninstall \s \noun \delselfdir

Program name:
Search Provided by Yahoo

Uninstall string:
"C:\users\{user}\appdata\local\{635d5501-47f5-39b9-2a6d-1c510e05e0c9}\uninstall.exe" \uninstall \s \noun \delselfdir

Program name:
Chromium

Display publisher:
Chromium

Display version:
51.0.2683.0

Uninstall string:
"C:\users\{user}\appdata\local\{75b443e8-511c-2f50-3c84-0ab818ecf620}\uninstall.exe" \uninstall \s \noun \delselfdir


Scheduled Task
Task name:
{5B72C739-50F5-4A56-A1D3-979ADB9C1EF9}

Trigger:
Daily (Runs daily at 10:52)


The executing file has been seen to make the following network communications in live environments.
