uninstall.exe

PHRASEFINDER

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application uninstall.exe, “Phrase Finder Setup” by PHRASEFINDER, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Phrase Finder 1.10.0.11 by Phrase Finder.
Publisher:
Phrase Finder  (signed by PHRASEFINDER)

Product:
Phrase Finder

Description:
Phrase Finder Setup

Version:
1.10.0.11

MD5:
9566f24a2956fd6c044a07fcb5157cfd

SHA-1:
d92315323e6c3b093dcf0236a4b7d216368126cf

SHA-256:
5fd03303802ca838374009a9e16f1afef1f2cd1df4eeca7ebb095129ff90d215

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 8:21:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InfoAtoms (M)

Engine version:
16.7.21.11

File size:
307.3 KB (314,704 bytes)

Product version:
1.10.0.11

Copyright:
(c) 2014 Phrase Finder

Original file name:
phrasefinder-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\phrasefinder_1.10.0.11\uninstall.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/5/2014 2:15:11 AM

Valid to:
9/4/2016 11:50:25 PM

Subject:
E=support@phrasefinderapp.com, CN=PHRASEFINDER, O=PHRASEFINDER, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112137C4F7456ECE3D7C3EA998E1558D1585

File PE Metadata
Compilation timestamp:
12/6/2009 4:22:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:iuxkZuTXJ3237a6ABBduXyjCsJBOcJNW7Jl+w1UyeBy5iuSXnIIHt7tRfbnwR9V9:iSg3mB7Sy1BX2VlxyKiueVDBn0IMV

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
6.8883

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Program Uninstaller
Program name:
Phrase Finder 1.10.0.11

Display publisher:
Phrase Finder

Display version:
1.10.0.11

Uninstall string:
C:\Program Files (x86)\PhraseFinder_1.10.0.11\Uninstall.exe

