uninstall.exe

Digit Network (Extreme White Limited)

The application uninstall.exe by Digit Network (Extreme White Limited) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program MyBrowser 1.0.2V04.10 by MyBrowser 1.0.2V04.10. While running, it connects to the Internet address ip-70.32.1.32.hosted.by.gigenet.com on port 80 using the HTTP protocol.
Publisher:
Digit Network (Extreme White Limited)  (signed and verified)

MD5:
6602b9ef29716f8b662e7d0562ace8fb

SHA-1:
d9025d21c57e3f9cc394696753be857d07a9a7cf

SHA-256:
df1eab74da1e6864fe84b0add6623709ad65b1d92916277e1bdc4b0ee38d53ea

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 12:48:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited.Installer (M)
16.1.14.2

File size:
116.1 KB (118,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mybrowser 1.0.2v04.10\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 2:00:00 AM

Valid to:
4/15/2016 1:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
10/4/2015 12:04:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:eJrAPy6/pwHX6suPcrGZR79MHdC9mTUE6RLhlAcqVtsWjcdoTd9y87CvYwZ:1y6CAJZR7mHITK8Sdg87CvYwZ

Entry address:
0x88EF

Entry point:
E8, 7D, 67, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, B3, 41, 00, E8, 2B, 0A, 00, 00, E8, AA, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 10, 67, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F1, 60, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
82.5 KB (84,480 bytes)

Program Uninstaller
Program name:
MyBrowser 1.0.2V04.10

Display publisher:
MyBrowser 1.0.2V04.10

Display version:
1.36.01.22

Uninstall string:
C:\Program Files (x86)\MyBrowser 1.0.2V04.10\Uninstall.exe /fcp=1 /runexe='C:\Program Files (x86)\MyBrowser 1.0.2V04.10\UninstallBrw.exe' /url='http://notif.devbitrack.com/notf_sys/index.html' /brwtyp


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-70.32.1.32.hosted.by.gigenet.com  (70.32.1.32:80)

Remove uninstall.exe - Powered by Reason Core Security