uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners; both detections classify it as adware (an MSIL/.NET monetization component). While running, it connects over HTTP (TCP port 80) to ip-198.12-157-55.ip.secureserver.net (198.12.157.55) and to the other hosts listed under network communications below.
Publisher:
IF

Product:
YoU

Description:
Catch

Version:
8.5.6.2

MD5:
33b9db261161d6ff26c29bfdab78b8e3

SHA-1:
bbe93719b3f878580287ce72859ec220bc84cb0e

SHA-256:
6df2697c56edeb939a0df6c1bd326672daf5728438bdd19a18e0b3016462e604

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:33:59 AM UTC

Scan engine          Detection                                   Engine version
ESET NOD32           MSIL/Adware.CsdiMonetize.L application      6.3.12010.0
Reason Heuristics    Adware.Monetize.ET (M)                      17.3.6.21

File size:
344 KB (352,256 bytes)

Product version:
8.5.6.2

Copyright:
Can

Trademarks:
sdhjsjd

Original file name:
kenpachi.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\njzteh3obp\uninstall.exe

File PE Metadata
Compilation timestamp:
3/6/2017 8:55:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x4B56E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
(FF 25 00 20 40 00 is the x86 instruction jmp dword ptr [0x402000]: the six-byte native entry stub of a managed .NET executable, which jumps through an import address table slot to the CLR loader in mscoree.dll. The remaining bytes are zero padding. This is consistent with the ".NET CLR dependent: Yes" flag above.)

Entropy:
6.9851

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
293.5 KB (300,544 bytes)
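Two of the PE fields above are worth checking mechanically when triaging a sample like this: whether the entry point is the standard CLR stub (rather than native unpacking code), and how high the byte entropy is (6.9851 here is just under the ~7.0 mark at which a whole file usually turns out to be compressed or encrypted). The following is an added example, not code from the report or from Reason Core Security; it decodes the entry-point bytes listed on the page and computes Shannon entropy over constructed buffers. The image base of 0x400000 is assumed, since the page does not list it.

```python
import math
from typing import Optional

# The first bytes of the entry-point dump shown on the page (everything after
# the sixth byte in that dump is zero padding).
ENTRY_BYTES = bytes.fromhex("FF25002040000000")

# Default image base of a 32-bit Windows EXE; the page does not list it, so
# this is an assumption.
DEFAULT_IMAGE_BASE = 0x400000


def decode_indirect_jmp(code: bytes) -> Optional[int]:
    """If `code` starts with an x86 `jmp dword ptr [imm32]` (opcode FF /4,
    ModRM byte 0x25), return the absolute address of the pointer slot it
    jumps through; otherwise return None."""
    if len(code) < 6 or code[0] != 0xFF or code[1] != 0x25:
        return None
    return int.from_bytes(code[2:6], "little")


def clr_stub_slot_rva(code: bytes, image_base: int = DEFAULT_IMAGE_BASE) -> Optional[int]:
    """A managed x86 EXE has a six-byte native entry point that jumps through an
    import-address-table slot to mscoree!_CorExeMain. Return that slot's RVA
    (0x2000 for the common layout) when `code` is such a stub, else None."""
    target = decode_indirect_jmp(code)
    if target is None or target < image_base:
        return None
    return target - image_base


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for
    uniformly distributed bytes. Values above ~7.0 over a whole file usually
    mean compressed or encrypted content (packers, embedded payloads)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    print("jmp target:", hex(decode_indirect_jmp(ENTRY_BYTES)))          # 0x402000
    print("IAT slot RVA:", hex(clr_stub_slot_rva(ENTRY_BYTES)))           # 0x2000
    # Constructed buffers, not bytes from the sample: one constant, one uniform.
    print("entropy(zeros) =", shannon_entropy(bytes(4096)))              # 0.0
    print("entropy(uniform) =", shannon_entropy(bytes(range(256)) * 16))  # 8.0
```

A .NET sample whose entry point is not this stub has been wrapped by a native packer and needs unpacking before the managed code can be inspected. Entropy just below 7.0 on a 344 KB file with 293 KB of code, as here, is more typical of obfuscated IL and compressed resources than of a fully packed image, so decompiling the assembly directly is the reasonable next step.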

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
uninstall.exe

Command:
C:\users\{user}\appdata\local\temp\{random}.tmp\njzteh3obp\uninstall.exe uninstall0


The executing file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to 10.ip-193-70-84.eu  (193.70.84.10:80)

TCP (HTTP):
Connects to ec2-107-20-147-93.compute-1.amazonaws.com  (107.20.147.93:80)

TCP (HTTP):
Connects to ec2-54-243-162-153.compute-1.amazonaws.com  (54.243.162.153:80)

TCP (HTTP):
Connects to server-52-84-246-27.sfo20.r.cloudfront.net  (52.84.246.27:80)

TCP (HTTP):
Connects to ip-198.12-157-55.ip.secureserver.net  (198.12.157.55:80)
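The indicators in this report (the file hashes, the RunOnce persistence entry and the remote endpoints) can be turned into a host triage check. The following is an added example, not part of the report or of Reason Core's own tooling. The file list, registry entries and netstat rows it inspects are constructed sample data; the temp-folder names are wildcarded because the report shows the first as {random} and the second (njzteh3obp) is assumed to vary between installs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "33b9db261161d6ff26c29bfdab78b8e3",
    "sha1": "bbe93719b3f878580287ce72859ec220bc84cb0e",
    "sha256": "6df2697c56edeb939a0df6c1bd326672daf5728438bdd19a18e0b3016462e604",
}
IOC_IPS = {"193.70.84.10", "107.20.147.93", "54.243.162.153", "52.84.246.27", "198.12.157.55"}

# The RunOnce command from the report: uninstall.exe started from a random
# .tmp folder under %LOCALAPPDATA%\Temp with the argument "uninstall0".
# Both folder names are wildcarded (assumption: they differ per install).
RUNONCE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\[^\\]+\\uninstall\.exe\s+uninstall0$",
    re.IGNORECASE,
)


@dataclass
class Findings:
    hash_hits: List[str] = field(default_factory=list)
    runonce_hits: List[str] = field(default_factory=list)
    network_hits: List[str] = field(default_factory=list)

    @property
    def matched(self) -> bool:
        return bool(self.hash_hits or self.runonce_hits or self.network_hits)


def check_hashes(file_digests: Dict[str, Dict[str, str]]) -> List[str]:
    """file_digests maps a path to its digests, e.g. {"sha256": "..."}.
    Any single matching digest is enough to flag the file."""
    return [
        path
        for path, digests in file_digests.items()
        if any(digests.get(alg, "").lower() == val for alg, val in IOC_HASHES.items())
    ]


def check_runonce(entries: Dict[str, str]) -> List[str]:
    """entries maps RunOnce value names to their commands; returns matching names."""
    return [name for name, cmd in entries.items() if RUNONCE_RE.match(cmd.strip())]


def check_netstat(lines: List[str]) -> List[str]:
    """lines are rows in `netstat -ano` format (proto, local, remote, state, pid).
    Flags TCP connections whose remote endpoint is an IOC address on port 80."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[0].upper() == "TCP":
            ip, _, port = parts[2].rpartition(":")
            if ip in IOC_IPS and port == "80":
                hits.append(line.strip())
    return hits


def triage(file_digests, runonce_entries, netstat_lines) -> Findings:
    return Findings(check_hashes(file_digests), check_runonce(runonce_entries), check_netstat(netstat_lines))


# Constructed sample host data (not captured from a real machine).
SAMPLE_FILES = {
    r"C:\Users\alice\AppData\Local\Temp\is-4F2A1.tmp\njzteh3obp\uninstall.exe": {"sha256": IOC_HASHES["sha256"]},
    r"C:\Windows\System32\notepad.exe": {"sha256": "0" * 64},
}
SAMPLE_RUNONCE = {
    "uninstall.exe": r"C:\users\alice\appdata\local\temp\is-4F2A1.tmp\njzteh3obp\uninstall.exe uninstall0",
    "VendorSetup": r"C:\Program Files\Vendor\setup.exe /postinstall",
}
SAMPLE_NETSTAT = [
    "  TCP    192.0.2.20:49712    198.12.157.55:80      ESTABLISHED     4120",
    "  TCP    192.0.2.20:49713    203.0.113.7:443       ESTABLISHED     1188",
    "  UDP    0.0.0.0:5353        *:*                                   2304",
]

if __name__ == "__main__":
    result = triage(SAMPLE_FILES, SAMPLE_RUNONCE, SAMPLE_NETSTAT)
    for kind, hits in (("hash", result.hash_hits), ("runonce", result.runonce_hits), ("network", result.network_hits)):
        for h in hits:
            print(f"[{kind}] {h}")
```

Weight the three signals differently: the hash match and the RunOnce command (a generic-looking uninstall.exe launched from a temp folder with a fixed argument) are specific to this sample, while the EC2 and CloudFront addresses are shared cloud infrastructure that many legitimate programs also reach, so a network hit on those alone should prompt a look at the process behind the connection rather than an alert by itself.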

Powered by Reason Core Security