home

uninstall.exe

Proxy Video Downloader

Link64 GmbH

The application uninstall.exe, “Updater [ProxyVideoDownloader]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program VideoDownloaderUltimate by Link64.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Proxy Video Downloader

Description:
Updater [ProxyVideoDownloader]

Version:
1.0.1.74

MD5:
f90e02bfece4da4d57c0699650c73e3e

SHA-1:
d719aa563d4cfe36dd285ff2c5867a9f1f35b540

SHA-256:
ac1a522c5b0e601395aad0585b28fa72a81312665062639bee4392e54e55bfe6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/26/2024 1:12:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.29.12

File size:
1.9 MB (2,021,192 bytes)

Product version:
1.0.1.74

Copyright:
(c) 2014 Link64 GmbH. All rights reserved.

Original file name:
ProxyVideoDownloader_Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\videodownloaderultimatewinapp\uninstall.exe

Digital Signature
Signed by:
Link64 GmbH

Authority:
thawte, Inc.

Valid from:
3/4/2015 4:00:00 PM

Valid to:
5/3/2017 4:59:59 PM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
65CD89BFF8441FFA492CCEB690151ECA

File PE Metadata
Compilation timestamp:
1/22/2016 12:28:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x61AC

Entry point:
E8, 97, 5F, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03...
 
[+]

Entropy:
7.8869  (probably packed)

Code size:
176 KB (180,224 bytes)

Program Uninstaller
Program name:
VideoDownloaderUltimate

Display publisher:
Link64

Display version:
1.0.1.74

Uninstall string:
C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe


Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.