uninstall.exe

TODO:

Zhang Ling

The application uninstall.exe by Zhang Ling has been detected as adware by 24 anti-malware scanners. Additionally, the file is typically installed by a number of programs including SupTab by Thinknice Co. Limited and Linkey by Aztec Media Inc., both of which are potentially unwanted software.

Publisher:
Zhang Ling  (signed and verified)

Product:
TODO: <Product name>

Version:
5.8.8.498

MD5:
b6a45b3af7f3e997fca5fc439a139d57

SHA-1:
18718b60a92215eae859a3fcd4088aa4263962d7

SHA-256:
3eddbc3d51fb3fd838f0244f4d6e8bacb5bfe9239127b3a21cdd3df564c18361

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
12/25/2024 12:33:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.01.02 |
| Avira AntiVirus | PUA/Subtab.spe | 8.3.1.6 |
| avast! | Win32:SaliCode | 2014.9-150105 |
| AVG | Zhangling | 2016.0.3099 |
| Baidu Antivirus | PUA.Win32.Thinknice | 4.0.3.15525 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 22221 |
| Dr.Web | Adware.Mutabaha.236 | 9.0.1.05190 |
| ESET NOD32 | Win32/Thinknice.E potentially unwanted application | 7.0.302.0 |
| K7 AntiVirus | Virus | 13.188.14496 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.543 |
| McAfee | Trojan.Artemis!B6A45B3AF7F3 | 17.6.569.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.1318.0 |
| NANO AntiVirus | Trojan.Win32.Thinknice.dlhdkm | 0.30.24.1636 |
| Panda Antivirus | PUP/Multitoolbar | 15.05.25.06 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ZhangLing.J | 14.7.31.23 |
| SUPERAntiSpyware | Trojan.Agent/Gen-XPack | 9854 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.5 |
| Trend Micro | PE_SALITY.ER | 10.465.05 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.4 |
| VIPRE Antivirus | Threat.4758034 | 35418 |
| Zillya! Antivirus | Adware.Agent.Win32.52125 | 2.0.0.2187 |

File size:
79.4 KB (81,288 bytes)

Product version:
5.8.8.498

Copyright:
Copyright (C) 2014

Original file name:
UnInstal.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\suptab\uninstall.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
7/3/2014 10:18:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:Ml7TcwQ/CHwSB4mzcTy1NsWjcdoHIAUOhOba1:MF5HB4bnoHIA9/

Entry address:
0x18F0

Entry point:
E8, BA, 17, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 50, 90, 40, 00, 6A, 01, A3, A4, F0, 40, 00, E8, 76, 1E, 00, 00, FF, 75, 08, E8, 0C, 1C, 00, 00, 83, 3D, A4, F0, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 5C, 1E, 00, 00, 59, 68, 09, 04, 00, C0, E8, DA, 1B, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 5D, 72, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 88, EE, 40, 00, 89, 0D, 84, EE, 40, 00, 89, 15, 80, EE, 40, 00, 89, 1D, 7C, EE, 40, 00, 89, 35, 78, EE, 40, 00, 89, 3D, 74...
 

Entropy:
5.7156

Code size:
31 KB (31,744 bytes)

The file uninstall.exe has been discovered within the following programs.

Linkey by Aztec Media Inc.
Linkey is a potentially unwanted web browser search extension for the top browsers, designed to modify the user's search and home pages (www.default-search.com or www.linkeyproject.com/app/) in order to direct advertising via the linkeyproject.com portal.
linkeyproject.com
81% remove it

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 