uninstall.exe

xVidly

Jottix international media G. M (2007) LTD

The application uninstall.exe by Jottix international media G. M (2007) has been detected as a potentially unwanted program by 6 anti-malware scanners. Additionally, the file is typically installed by a number of programs including xvidly.exe by Jottix and xVidly by Jottix. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install.xvidly.com.
Publisher:
Jottix  (signed by Jottix international media G. M (2007) LTD)

Product:
xVidly

Version:
1.0

MD5:
2a7e213b4031668159e07962f639bb2f

SHA-1:
7bb1f9cb6893a443f908202d1b2ceca1d3908b41

SHA-256:
8396502501c78420587d56523ea6a2cac6093573bf2942d3420f773b14ab9f8f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:36:12 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-AZL [Adw] | 2014.9-131125 |
| AVG | MalSign.Generic | 2014.0.3644 |
| Boost by Reason | Adware.JottixinternationalmediaGM2007.M | 2013.7.26.17 |
| Reason Heuristics | PUP.JottixinternationalmediaGM2007.M | 14.2.26.9 |
| Sophos | Jottix | 4.96 |
| VIPRE Antivirus | Jottix | 25342 |

File size:
164.3 KB (168,256 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\uninstall.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/22/2012 4:00:00 PM

Valid to:
12/23/2013 3:59:59 PM

Subject:
CN=Jottix international media G. M (2007) LTD, O=Jottix international media G. M (2007) LTD, L=Tel-Aviv -Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
78D22334FC3A8C23C5226A26540F86C6

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OQIURTXJWvhhFHtDFVPrchWEPt7PtqnP5f0RX:Os4pfZ/rchWy7QnPi

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
5.8907

Code size:
23 KB (23,552 bytes)

The file uninstall.exe has been discovered within the following programs.

xVidly by Jottix
Bundles the xVidly Toolbar, an ad-supported cross-browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin); users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements. It is distributed through various monetization platforms during installation.
www.jottix.com
68% remove it
xvidly.exe  by Jottix
About 6% of users remove it
 
Powered by Should I Remove It?

The file uninstall.exe has been seen being distributed by the following URL.
