Uninstall.exe

GeniusBox.Uninstaller

Joltlogic

This adware bundler is distributed through Adknowledge's advertising-supported software managers. Uninstall.exe, published by Joltlogic, is flagged as adware by 14 of the 68 anti-malware scanners used. It is a setup application built on the Adknowledge Fusion installer, and it is the uninstaller registered in the Windows Control Panel (Programs and Features) for GeniusBox 2.0, whose display publisher is also given as "GeniusBox 2.0". The bundled component plugs into the web browser and displays context-based advertisements, either overwriting ads already present on a page or inserting new ones.
Publisher:
Joltlogic  (signed and verified)

Product:
GeniusBox.Uninstaller

Version:
1.0.0.0

MD5:
dcf9592ff6f64b6032ff3f84025e673f

SHA-1:
286de999a0bd4727dac5dd2d014c1135b95b0367

SHA-256:
5b08506d774ad9b826db3eb0ab780a9cc68c8a64bad54c7606a4dc19879deac6

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
2/25/2025 1:26:36 AM UTC

Scan engine              Detection                        Engine version
Avira AntiVirus          ADWARE/BrowseFox.Gen4            7.11.210.56
avast!                   Win32:IBryte-JX [PUP]            2014.9-150220
AVG                      Generic                          2016.0.3192
Bkav FE                  W32.HfsAdware                    1.3.0.6379
ESET NOD32               MSIL/Adware.iBryte (variant)     9.11176
Fortinet FortiGate       Adware/IBryte                    2/20/2015
IKARUS anti.virus        PUA.BrowserFox                   t3scan.1.8.6.0
K7 AntiVirus             Adware                           13.194.14966
McAfee                   Artemis!821A99433B1F             5600.6848
Qihoo 360 Security       HEUR/QVM03.0.Malware.Gen         1.0.0.1015
Reason Heuristics        PUP.Installer.Adknowledge        15.2.20.23
Sophos                   Generic PUA ND                   4.98
Trend Micro House Call   Suspicious_GEN.F47V0213          7.2.51
VIPRE Antivirus          AdKnowledge                      37550

File size:
745.2 KB (763,104 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Uninstall.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\browser extensions\uninstall.exe

Digital Signature
Signed by:
Joltlogic  (a valid Authenticode signature establishes who signed the file; it says nothing about whether the software is wanted)
Authority:
COMODO CA Limited

Valid from:
7/15/2014 8:00:00 PM

Valid to:
7/16/2015 7:59:59 PM

Subject:
CN=Joltlogic, O=Joltlogic, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5EE011413A702F6705B25B34B674F3AB

File PE Metadata
Compilation timestamp:
2/20/2015 3:53:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:RVm3PM6qMleu7miCDh07BWR1dANvuZvZaHJRU8aej9ek4sFtZEv1POvFDXZ4OybC:7m/FqMR7mvDy7iMvjpRU8ameGZW1mvlD

Entry address:
0xBA2AA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: the standard native stub of a .NET executable, which jumps through the import table into mscoree!_CorExeMain and so agrees with the "CLR dependent: Yes" flag above. The bytes that follow are zero padding.

Entropy:
7.9207  (maximum is 8.0 bits per byte; a value this close to the ceiling means nearly the whole 745 KB file is compressed or encrypted data, as expected for an installer stub carrying a packed payload)

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
737 KB (754,688 bytes)

Program Uninstaller
Program name:
GeniusBox 2.0

Display publisher:
GeniusBox 2.0

Display version:
2.0

Uninstall string:
"C:\users\{user}\appdata\local\browser extensions\uninstall.exe"
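The hashes, digital-signature fields, common path and uninstall entry above are exactly the artifacts a responder would check a Windows host for. The following PowerShell is an added hunting example written for this page; it is not code from the report, from Joltlogic or from Adknowledge. Only the indicator values are copied from the report; the registry paths and the logic are this example's own, and it assumes Windows PowerShell 4 or later for Get-FileHash.

```powershell
# Added hunting example for the artifacts listed on this page (not code from the report,
# from Joltlogic or from Adknowledge). Requires Windows PowerShell 4+ (Get-FileHash).
# Indicator values are copied from the report; everything else is this example's own logic.
$Ioc = @{
    Sha256     = '5b08506d774ad9b826db3eb0ab780a9cc68c8a64bad54c7606a4dc19879deac6'
    Md5        = 'dcf9592ff6f64b6032ff3f84025e673f'
    CertSerial = '5EE011413A702F6705B25B34B674F3AB'
    CertCN     = 'Joltlogic'
    Program    = 'GeniusBox 2.0'
    PathRegex  = '\\browser extensions\\uninstall\.exe'
}
$Findings   = New-Object System.Collections.Generic.List[string]
$Candidates = New-Object System.Collections.Generic.List[string]

# 1. Uninstall entries. The report shows a per-user install, so HKCU matters as much as both HKLM views.
$UninstallKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$Entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq $Ioc.Program -or $_.UninstallString -match $Ioc.PathRegex }
foreach ($e in $Entries) {
    $Findings.Add("Uninstall entry '$($e.DisplayName)' -> $($e.UninstallString) [$($e.PSPath)]")
    # The report's uninstall string is just the quoted path with no arguments; strip the quotes to get the file.
    $Candidates.Add(($e.UninstallString -replace '"', ''))
}

# 2. Files: the common path from the report plus anything the uninstall strings pointed at.
$Candidates.Add((Join-Path $env:LOCALAPPDATA 'browser extensions\uninstall.exe'))
foreach ($Path in ($Candidates | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { continue }

    $Sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $Md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    if ($Sha -ieq $Ioc.Sha256 -or $Md5 -ieq $Ioc.Md5) {
        $Findings.Add("Hash match for the sample on this page: $Path")
    }

    # "Signed and verified" only proves who signed. Match the signer, not just the Status field.
    $Sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $Cert = $Sig.SignerCertificate
    if ($Cert) {
        $Cn = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        if ($Cert.SerialNumber -ieq $Ioc.CertSerial) {
            $Findings.Add("Signed with the Joltlogic certificate from this report (status $($Sig.Status)): $Path")
        } elseif ($Cn -eq $Ioc.CertCN) {
            $Findings.Add("Signed by '$Cn' with a different serial $($Cert.SerialNumber); check for a re-issued publisher cert: $Path")
        }
    }
}

if ($Findings.Count -eq 0) { 'No GeniusBox / Joltlogic artifacts found.' } else { $Findings }
```

The certificate check compares the serial number rather than the signature status because the status only tells you the chain to COMODO validated; matching the subject CN as a fallback catches a build signed with a later certificate issued to the same publisher, which a serial-only match would miss.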


When executed, the file has been observed making the following network connections in live environments. All are plain HTTP on port 80, and the hostnames are the reverse-DNS names of Amazon EC2 and AnchorFree addresses, so they identify the hosting provider rather than the operator.

TCP (HTTP):
Connects to ec2-54-235-216-26.compute-1.amazonaws.com  (54.235.216.26:80)

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to 199-255-210-165.anchorfree.com  (199.255.210.165:80)

TCP (HTTP):
Connects to ec2-54-221-199-236.compute-1.amazonaws.com  (54.221.199.236:80)

TCP (HTTP):
Connects to ec2-54-197-244-69.compute-1.amazonaws.com  (54.197.244.69:80)

TCP (HTTP):
Connects to ec2-50-17-218-85.compute-1.amazonaws.com  (50.17.218.85:80)

TCP (HTTP):
Connects to ec2-23-23-200-28.compute-1.amazonaws.com  (23.23.200.28:80)
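The destinations above can be checked on a live host as well. This PowerShell is an added example for this page, not code from the report; the IP list is copied from the connections listed above, and it assumes the NetTCPIP and DnsClient modules (Windows 8 / Server 2012 and later). It matches on addresses rather than the listed hostnames because those names are reverse-DNS labels that the client never resolved.

```powershell
# Added example (not from the report page): look for live connections or cached DNS answers that
# match the destinations the report observed. Cloud addresses get reassigned, so treat a hit as a
# lead to confirm against the file and registry artifacts, not as proof on its own.
# Requires the NetTCPIP and DnsClient modules (Windows 8 / Server 2012 and later).
$Ips = @('54.235.216.26', '54.235.170.110', '199.255.210.165', '54.221.199.236',
         '54.197.244.69', '50.17.218.85', '23.23.200.28')

# Established TCP sessions to those addresses, with the owning process so the traffic can be tied to a binary.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $Ips -contains $_.RemoteAddress } |
    ForEach-Object {
        $Proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            Pid     = $_.OwningProcess
            Process = $Proc.Path
        }
    }

# Cached resolver answers whose data is one of the report's addresses (names the client resolved to them).
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $Ips -contains $_.Data } |
    Select-Object Entry, Data, TimeToLive
```

Because the report shows only port-80 traffic, a proxy or egress log filtered on these addresses with an HTTP method field is the better retrospective source; the script above covers the moment-in-time view on the endpoint.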
