uninstall.exe

Wordprosers LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application uninstall.exe, “Word Proser Setup” by Wordprosers has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Word Proser 1.10.0.9 by Word Proser.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser

Description:
Word Proser Setup

Version:
1.10.0.9

MD5:
d2ab95aa537ac59e3de674256cd9b164

SHA-1:
6d372b72e038902a5dbe14e284c6d31eb77edb03

SHA-256:
10801427244427ecfd74554b8b598d571654357ae795682bb5b586af61671332

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 11:57:44 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.InfoAtoms
15.2.11.12

File size:
307.4 KB (314,744 bytes)

Product version:
1.10.0.9

Copyright:
(c) 2014 Word Proser

Original file name:
wordproser-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\wordproser_1.10.0.9\uninstall.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 6:58:57 AM

Valid to:
6/30/2016 6:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:4SX5xoYh4mXMNfRhEeM2rIXk7zpfY9cerV:BToY7XMNXLM2sTJrV

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
6.9391

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Program Uninstaller
Program name:
Word Proser 1.10.0.9

Display publisher:
Word Proser

Display version:
1.10.0.9

Uninstall string:
C:\Program Files (x86)\WordProser_1.10.0.9\Uninstall.exe


Remove uninstall.exe - Powered by Reason Core Security