uninstall.exe

PHRASEFINDER

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application uninstall.exe, “Phrase Finder Setup” by PHRASEFINDER, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Phrase Finder 1.10.0.11 by Phrase Finder.
Publisher:
Phrase Finder  (signed by PHRASEFINDER)

Product:
Phrase Finder

Description:
Phrase Finder Setup

Version:
1.10.0.11

MD5:
7881b35edaf989d2225180145318793a

SHA-1:
0c21434c6770f41e0f39368a8f339021efbed10f

SHA-256:
2be20d944116c4701cbbe2da431023cfb0472a5cbf0d276a0ed0b2d7a3dbf4ad

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 8:24:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InfoAtoms (M)

Engine version:
16.7.30.20

File size:
307.3 KB (314,704 bytes)

Product version:
1.10.0.11

Copyright:
(c) 2014 Phrase Finder

Original file name:
phrasefinder-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\phrasefinder_1.10.0.11\uninstall.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/4/2014 11:45:11 PM

Valid to:
9/4/2016 9:20:25 PM

Subject:
E=support@phrasefinderapp.com, CN=PHRASEFINDER, O=PHRASEFINDER, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112137C4F7456ECE3D7C3EA998E1558D1585

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:2uxkZuTXJ3237a6AhBduXyjCsJBOcJNW7Jl+w1UyeBy5iuSXnIIHt7tRfbnwR9V9:2Sg3mh7Sy1BX2VlxyKiueVDBn0IMV

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
6.8882

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Program Uninstaller
Program name:
Phrase Finder 1.10.0.11

Display publisher:
Phrase Finder

Display version:
1.10.0.11

Uninstall string:
C:\Program Files (x86)\PhraseFinder_1.10.0.11\Uninstall.exe
