uninstall.exe

QUICKREF

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application uninstall.exe by QUICKREF has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Quick Ref 1.10.0.13 by Quick Ref.
Publisher:
Quick Ref  (signed by QUICKREF)

Product:
Quick Ref

Description:
Quick Ref Setup

Version:
1.10.0.13

MD5:
67214f073ff3a64c258fcfa314e60d48

SHA-1:
5af8cb1cc5fabd05cece6a3985fca6798820892c

SHA-256:
f60bc72cc315fd96dfdc56a9ec326660720ddbfb0e610aeb92807224968a3527

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
12/25/2024 1:08:42 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.J
655

AhnLab V3 Security
PUP/Win32.Vitruvian
2015.04.03

AVG
Generic
2016.0.3133

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.15420

Bitdefender
Adware.Vitruvian.J
1.0.20.550

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Plugin.274
9.0.1.0110

Emsisoft Anti-Malware
Adware.Vitruvian
8.15.04.20.08

F-Secure
Adware.Vitruvian.J
11.2015-20-04_2

G Data
Adware.Vitruvian
15.4.25

Kaspersky
not-a-virus:AdWare.Win32.Vitruvian
14.0.0.2161

Malwarebytes
PUP.Optional.QuickRef.A
v2015.04.20.08

MicroWorld eScan
Adware.Vitruvian.J
16.0.0.330

Reason Heuristics
Threat.InfoAtoms.Installer
15.4.20.16

File size:
308.8 KB (316,232 bytes)

Product version:
1.10.0.13

Copyright:
(c) 2014 Quick Ref

Original file name:
quickref-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\quickref_1.10.0.13\uninstall.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/4/2014 2:50:56 PM

Valid to:
9/4/2016 2:50:56 PM

Subject:
E=Support@quickrefapp.com, CN=QUICKREF, O=QUICKREF, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219B2E795F5F7739842A0C0B7E7F9F1A08

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OuxkZuTXJUpoTi2KkJevncXzpPCcdYvv82qg9Tx+IfAlAeefZDfY9kje9NVc:OSafQsMzpPOx9Tx+i8PiQqqc

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
6.8546

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Program Uninstaller
Program name:
Quick Ref 1.10.0.13

Display publisher:
Quick Ref

Display version:
1.10.0.13

Uninstall string:
C:\Program Files\QuickRef_1.10.0.13\Uninstall.exe


Remove uninstall.exe - Powered by Reason Core Security