» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Network (3)

uninstall.exe

Installer

Ignore Idea Inc. LLC

The application uninstall.exe by Ignore Idea has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program SimpleFiles by https://www.www.simples-files.com. While running, it connects to the Internet address www.ibbalance.com on port 443.

File name:

uninstall.exe

Publisher:

New Monte Inc (signed by Ignore Idea Inc. LLC)

Product:

Installer

Version:

1, 0, 1059, 1

MD5:

cf7c761162d3180d8ea8f584417a4607

SHA-1:

ace4c36016d2f5409b6681c012d489d7b09295fa

SHA-256:

dace1b1371afaeb5d51c247864a406500c2e1a4b0c8f2acd3e164145f6beffcf

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 2:24:30 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ViaAdvertising (M)

17.3.16.11

File size:

3.3 MB (3,467,920 bytes)

Product version:

1.0.0.1

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English

Common path:

C:\Program Files\simplefiles\uninstall.exe

Digital Signature

Signed by:

Ignore Idea Inc. LLC

Authority:

Ignore Idea Inc. LLC

Valid from:

1/30/2016 12:15:37 AM

Valid to:

1/29/2017 12:15:37 AM

Subject:

CN=Ignore Idea LLC, OU=Ignore Idea LLC, O=Ignore Idea Inc. LLC, S=Manchester, C=UK

Issuer:

CN=Ignore Idea LLC, C=UK, S=Manchester, L=Manchester, E=admin@ignoreidea.com, OU=Ignore Idea LLC, O=Ignore Idea Inc. LLC

Serial number:

100001

File PE Metadata

Compilation timestamp:

1/25/2016 3:32:57 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x678013

Entry point:

E9, 12, C2, 0B, 00, A4, FA, 9F, 45, 4F, 4D, 6E, 74, CE, 0F, F2, DB, DF, 9F, E3, FB, 06, CB, 07, 26, 94, 1E, E3, 1E, E3, F6, 0B, E6, 9C, 32, EE, 5F, B3, D1, 9D, F7, FE, 03, C2, 3F, BA, 47, 92, 55, 33, CB, A6, D2, 31, CA, 7C, 62, 43, 91, C0, 89, 9A, 11, 80, 95, DB, 11, 79, B3, 96, DD, 45, 92, 60, 81, 1F, 00, 47, 0D, C0, 1D, EB, EE, 10, 94, 58, 0F, 1B, AC, C2, 23, AA, 00, E5, 84, B9, 48, A5, 42, 0E, 5F, 9B, E1, 63, 84, D8, 0F, 49, 33, 1D, CA, A2, 45, 07, 66, B4, B9, 7D, 6A, E6, 22, E0, 94, 32, 03, 17, 55, A7... 
[+]

Entropy:

7.9129

Packer / compiler:

Xtreme-Protector v1.05

Code size:

1.5 MB (1,587,200 bytes)

Program Uninstaller

Program name:

SimpleFiles

Display publisher:

https://www.www.simples-files.com

Display version:

15.16.05

Uninstall string:

"C:\Program Files (x86)\SimpleFiles\Uninstall.exe"

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

TCP (HTTP):

Connects to stats-182385724-1591972470.us-east-1.elb.amazonaws.com (54.221.252.69:80)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.