uninstall.exe

Installer

Application Structure Inc. LLC

The application uninstall.exe by Application Structure has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program SimpleFiles by https://www.www.simples-files.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
New Monte Inc  (signed by Application Structure Inc. LLC)

Product:
Installer

Version:
1, 0, 1056, 1

MD5:
bef26c97465c3abaf6b836a0c089a1ad

SHA-1:
42913109b096ad1ea6c16602825e4f65d7082e43

SHA-256:
d04bfcee235ebe8b4e48096d0846fcc114decaf1a542a0a4469b3b96a79b7467

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:31:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ViaAdvertising (M)

Engine version:
17.3.16.13

File size:
3.2 MB (3,368,576 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\simplefiles\uninstall.exe

Digital Signature
Authority:
Application Structure Inc. LLC

Valid from:
1/12/2016 5:58:04 PM

Valid to:
1/11/2017 5:58:04 PM

Subject:
CN=Application Structure LLC, OU=Application Structure Inc. LLC, O=Application Structure Inc. LLC, S=Liverpool, C=UK

Issuer:
CN=Application Structure LLC, C=UK, S=Liverpool, L=Liverpool, E=admin@applicationstructure.com, OU=. LLC, O=Application Structure Inc. LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
1/14/2016 10:04:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x4F295E

Entry point:
9C, C7, 04, 24, 6B, FB, FD, 6F, 60, C7, 44, 24, 1C, 0E, 7C, 79, 39, 60, 54, 9C, 88, 2C, 24, 8D, 64, 24, 44, E9, CE, 0F, 21, 00, FD, C1, C5, 80, 44, C3, D7, 4D, 33, 67, 5F, B2, 53, 03, 60, 80, C4, E9, 5D, F5, 59, 51, 25, 58, 7C, 13, 07, 16, 6A, 0D, F1, B8, 6C, EB, FF, 84, 1A, AE, E0, F8, 7C, 00, 32, B6, 3A, B0, 10, C4, A9, 16, E9, 31, B4, 59, EC, 75, 4D, 01, 1D, 08, C6, 58, EB, 90, 18, CC, 62, 2B, C7, 67, 78, BD, C1, 8D, 41, 30, 39, 58, A1, A8, 5C, E7, EB, 95, 99, CB, 1F, 23, 55, 60, 9E, 6D, B2, F9, D1, 75...
 

Entropy:
7.9084  (probably packed)

Code size:
1.5 MB (1,587,200 bytes)

Program Uninstaller
Program name:
SimpleFiles

Display publisher:
https://www.www.simples-files.com

Display version:
15.16.02

Uninstall string:
"C:\Program Files\SimpleFiles\Uninstall.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
