uninstall.exe

xVidly

Jottix international media G. M (2007) LTD

The application uninstall.exe by Jottix international media G. M (2007) has been detected as a potentially unwanted program by 6 anti-malware scanners. Additionally, the file is typically installed by a number of programs including xvidly.exe by Jottix and xVidly by Jottix. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install.xvidly.com.
Publisher:
Jottix  (signed by Jottix international media G. M (2007) LTD)

Product:
xVidly

Version:
1.0

MD5:
2a7e213b4031668159e07962f639bb2f

SHA-1:
7bb1f9cb6893a443f908202d1b2ceca1d3908b41

SHA-256:
8396502501c78420587d56523ea6a2cac6093573bf2942d3420f773b14ab9f8f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:16:07 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

avast!
Win32:Adware-AZL [Adw]
2014.9-131125

AVG
MalSign.Generic
2014.0.3644

Boost by Reason
Adware.JottixinternationalmediaGM2007.M
2013.7.26.17

Reason Heuristics
PUP.JottixinternationalmediaGM2007.M
14.2.26.9

Sophos
Jottix
4.96

VIPRE Antivirus
Jottix
25342

File size:
164.3 KB (168,256 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\uninstall.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/22/2012 4:00:00 PM

Valid to:
12/23/2013 3:59:59 PM

Subject:
CN=Jottix international media G. M (2007) LTD, O=Jottix international media G. M (2007) LTD, L=Tel-Aviv -Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
78D22334FC3A8C23C5226A26540F86C6

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OQIURTXJWvhhFHtDFVPrchWEPt7PtqnP5f0RX:Os4pfZ/rchWy7QnPi

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
5.8907

Code size:
23 KB (23,552 bytes)

The file uninstall.exe has been discovered within the following programs.

xVidly  by Jottix
Bundles the xVidly Toolbar, an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monitization platforms during installation.
www.jottix.com
68% remove it
xvidly.exe  by Jottix
About 6% of users remove it
 
Powered by Should I Remove It?

The file uninstall.exe has been seen being distributed by the following URL.

Remove uninstall.exe - Powered by Reason Core Security