home

uninstall.exe

The application uninstall.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.gpil.org.
MD5:
ee662c202985820805b65d0b2cb7868b

SHA-1:
db06630ba143b04a1bb7904de4725f51bfd6e3e7

SHA-256:
bf273500b6f554ce2c50639197f19982db183ea29dc6e33b400426f9b49602a4

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/16/2024 7:36:07 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2013.10.09

Avira AntiVirus
APPL/Downloader.Gen6
7.11.106.104

avast!
Win32:InstallCore-AS [PUP]
2014.9-140215

Bitdefender
Application.InstallCore.AA
1.0.20.230

Clam AntiVirus
W32.Adware.InstallCore-1
0.98/18155

Comodo Security
UnclassifiedMalware
17075

Dr.Web
Adware.InstallCore.43
9.0.1.046

ESET NOD32
Win32/InstallCore (variant)
8.8893

Fortinet FortiGate
Riskware/InstallCore
2/15/2014

F-Secure
Application.InstallCore.AA
11.2014-15-02_7

G Data
Application.InstallCore.AA
14.2.22

Malwarebytes
PUP.Adware.Installcore
v2014.02.15.01

McAfee
Artemis!EE662C202985
5600.7218

MicroWorld eScan
Application.InstallCore.AA
15.0.0.138

Sophos
Install Core Click run software
4.93

Trend Micro House Call
TROJ_GEN.RCBC8I4
7.2.46

Trend Micro
TROJ_GEN.RCBC8I4
10.465.15

VIPRE Antivirus
Click run software
22218

File size:
1.1 MB (1,114,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\videoconverter\uninstall\uninstall.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:SFt+pJJ0bSiGKHLF8n6EWns+KU6jez1aYvT998rwBLQ:SfsJASiGKre6o+KHjY1JT991BL

Entry address:
0xC16FC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 79, 70, 49, 00, E8, A9, E6, FF, FF, 79, 9E, 1E, 0A, EE, B8, C3, 89, 97, 60, 7D, 87, 39, D5, 31, A8, 58, 06, EA, C5, 36, E7, C2, 7D, 3A, 06, C3, 86, 69, 43, FA, 0F, C8, 2C, 41, 73, BE, 5D, 63, 16, DB, CC, B3, 27, 95, F8, 46, A8, E6, 5B, 3D, F8, D5, 96, FC, B0, 58, 3F, 2C, A0, 19, 3B, CB, 37, 0A, 0A, DB, A7, DF, 87, 4A, 80, C0, EC, 27, AA, DD, 1C, 5F, ED, B9, 8B, 6D, 6C, 4A, 4F, CF, C0, 4A, 19, 27, B2, 4F, 33, 56, 9D, 94, C2, 05, FE, 7B, E7, 52, E5, 3E, 6F, A9, 0A, 4B, 45, FE, E4...
 
[+]

Entropy:
7.0528

Code size:
787 KB (805,888 bytes)

The file uninstall.exe has been seen being distributed by the following URL.

http://www.gpil.org/.../VideoConverter_v5.exe

Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.