uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from www.vidsafehaven.com.
MD5:
5a428ed33406452556e1ceced44cd382

SHA-1:
92778235f177c745a5736232cacf474d9e8af883

SHA-256:
46128cb3a7ef8d6bd4824a14960578b0bbdbb2a83165daa64b4a6ff2460c12f9

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
12/27/2024 3:02:52 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clod7ad.Trojan
1.3.0.4613

Dr.Web
Trojan.Packed.2818
9.0.1.015

ESET NOD32
Win32/InstallCore.AZ (variant)
8.9267

F-Prot
W32/InstallCore.W.gen
v6.4.7.1.166

IKARUS anti.virus
SoftwareBundler
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.175.10781

Microsoft Security Essentials
1.165.247.01

Norman
InstallCore.UMFM
11.20140115

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14113

VIPRE Antivirus
InstallCore
25240

File size:
1.2 MB (1,254,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\uninstall.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3hzMUnLWObMKWGHN/UL1VRp6BZlZyFOH+EQIMZIbT1A:3hzxniOZNIp67WOHbflb5

Entry address:
0xDA820

Entry point:
55, 8B, EC, 83, C4, F0, B8, 9C, 63, 40, 00, E8, D5, F7, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
885 KB (906,240 bytes)

The file uninstall.exe has been seen being distributed by the following URL.

Remove uninstall.exe - Powered by Reason Core Security