uninstall.exe

Setup Factory Runtime

Media Codecs Interactive LLC

The application uninstall.exe, “Setup Application” by Media Codecs Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Setup Factory installer. This is the uninstaller utility registered in the Windows Control Panel for the program Worldwide Web Research by Media Codecs Interactive LLC.
Publisher:
Indigo Rose Corporation  (signed by Media Codecs Interactive LLC)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.0.4.0

MD5:
1e80234ef302692fed5a703b58c7da30

SHA-1:
065385d5b665aa2bf7dbde5759bc1c6b67503f3a

SHA-256:
5137f86232ea3437b1163ec6c0e1bee470a0be9df4618d6c646409cdcacd3d6f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 1:33:32 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MediaCod.Installer (M)
16.4.25.9

File size:
1.3 MB (1,351,776 bytes)

Product version:
9.0.4.0

Copyright:
Runtime Engine Copyright © 2012 Indigo Rose Corporation (www.indigorose.com)

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation

Original file name:
suf_rt.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\Program Files\worldwide web research\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/16/2014 6:00:00 PM

Valid to:
2/17/2016 5:59:59 PM

Subject:
CN=Media Codecs Interactive LLC, O=Media Codecs Interactive LLC, STREET="2711 Centerville Road, Suite 400", L=Wilmington, S=Delaware, PostalCode=19808, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
63947F076DDE97DF55EEFBFED004A037

File PE Metadata
Compilation timestamp:
12/16/2011 12:23:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:UB/s9XkrGUtabZRNM5vnRCnofkCuDVw4miJV5AX+ec999treoEUXLYydFsoked/M:QsY+7u5ZCn0kDb14A9hCk0ydWeC

Entry address:
0x3C2C80

Entry point:
60, BE, 00, 30, 68, 00, 8D, BE, 00, E0, D7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.9202

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1.3 MB (1,310,720 bytes)

Program Uninstaller
Program name:
Worldwide Web Research

Display publisher:
Media Codecs Interactive LLC

Display version:
11.041.44

Uninstall string:
"C:\Program Files (x86)\Worldwide Web Research\uninstall.exe" "/U:C:\Program Files (x86)\Worldwide Web Research\Uninstall\uninstall.xml"


Remove uninstall.exe - Powered by Reason Core Security