uninstall.exe

This is a self-extracting archive and installer. The file has been seen being downloaded from cdn.airdlr1.com.
Version:
1.0.5450.20850

MD5:
2e3555cb27bc8c89294b8453ce87d550

SHA-1:
8697a4a2db46f91856c665ea80c8813ec98b6d22

SHA-256:
58de940d3681b27e7e5cee76b599ebf52465afcd6839fd4b0cac13a5005205bf

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 12:27:02 AM UTC  (today)

Scan engine
Detection
Engine version

McAfee
AdRocketTab-FSE
5600.6927

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Trend Micro House Call
TROJ_GEN.R02SH06L314
7.2.337

File size:
4.2 MB (4,450,816 bytes)

Product version:
1.0.5450.20850

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\uninstall.exe

File PE Metadata
Compilation timestamp:
12/3/2014 10:35:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:d8NoLPSpGMZMbjfR5fdOuAJij5OsUY5I/rYyWR:aouGPZT9j5OsUY5IUFR

Entry address:
0x435434

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7464

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.2 MB (4,404,736 bytes)

The file uninstall.exe has been discovered within the following program.

Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic the service will be able to include various ads in the HTML of the displaying web page.
rockettab.com
88% remove it
 
Powered by Should I Remove It?

The file uninstall.exe has been seen being distributed by the following URL.

Scan uninstall.exe - Powered by Reason Core Security