» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Berta Brid Eco

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by Berta Brid Eco has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program PalMall by BND. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

uninstall.exe

Publisher:

Berta Brid Eco (signed and verified)

MD5:

e12200ec019a1b8a9d920ed4af4fac34

SHA-1:

ac85478e4ec1d8105861bf73227594276b180382

SHA-256:

ad351c0b0aadb75ee8b70a7cf2c998078aeecb907ae6750c451261e17e580f7a

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/2/2024 11:31:14 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Brightcircle (M)

17.3.1.4

File size:

85.9 KB (87,960 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\palmall\uninstall.exe

Digital Signature

Signed by:

Berta Brid Eco

Authority:

COMODO CA Limited

Valid from:

8/13/2014 9:00:00 PM

Valid to:

8/14/2015 8:59:59 PM

Subject:

CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata

Compilation timestamp:

9/23/2014 4:34:18 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0x4F0B

Entry point:

E8, 10, 59, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 2E, 41, 00, E8, 1F, 0A, 00, 00, E8, 7E, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, A3, 58, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 84, 52, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

52 KB (53,248 bytes)

Program Uninstaller

Program name:

PalMall

Display publisher:

BND

Display version:

1.35.9.16

Uninstall string:

C:\Program Files (x86)\PalMall\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.