home

uninstall.exe

Funshion

Beijing Funshion Online Technologies Ltd.

The application uninstall.exe, “Funshion Installation” by Beijing Funshion Online Technologies has been detected as a potentially unwanted program by 9 anti-malware scanners.
Publisher:
北京风行在线技术有限公司  (signed by Beijing Funshion Online Technologies Ltd.)

Product:
Funshion

Description:
Funshion Installation

Version:
3.0.6.75

MD5:
fad7d9288728dcc5c926fa4e2f3c49d3

SHA-1:
ed250e8387da7c6bc78d1c9a7d946130ec1a686c

SHA-256:
bea52ad94011667e6f5e8de67d72fff600c0ffb258a617534d0efb22ef1b1108

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/5/2024 7:26:35 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-170315

AVG
Generic
2018.0.2438

Bkav FE
W32.HfsAdware
1.3.0.8876

Emsisoft Anti-Malware
Application.InstallFun
8.17.03.15.09

ESET NOD32
Win32/Funshion.A potentially unwanted (variant)
11.15085

IKARUS anti.virus
PUA.Funshion
0.2.1.2

K7 AntiVirus
Adware
13.10.5.22706

Malwarebytes
PUP.Optional.Funshion
v2017.03.15.09

Zillya! Antivirus
Adware.CrossRiderCRTD.Win32.4629
2.0.0.3232

File size:
818.3 KB (837,952 bytes)

Product version:
3.0.6.75

Copyright:
Copyright (C) 2005-2013 All Rights Reserved.

Original file name:
FunshionUninstal.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\funshion online\3.0.6.75\uninstall.exe

Digital Signature
Signed by:
Beijing Funshion Online Technologies Ltd.

Authority:
thawte, Inc.

Valid from:
7/1/2016 8:00:00 AM

Valid to:
8/2/2018 7:59:59 AM

Subject:
CN=Beijing Funshion Online Technologies Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Beijing Funshion Online Technologies Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
09EE6E75F28D557606529DDCFE40D9B7

File PE Metadata
Compilation timestamp:
3/13/2017 5:45:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x53633

Entry point:
E8, 2B, C3, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, 56, 8D, 45, F8, 50, FF, 15, 28, A0, 47, 00, 8B, 4D, FC, 33, C0, 2B, 05, 30, EF, 49, 00, 1B, 0D, 34, EF, 49, 00, 33, F6, 03, 45, F8, 56, 68, 10, 27, 00, 00, 13, CE, 51, 50, E8, AC, 67, 00, 00, 5E, C9, C3, 8B, FF, 55, 8B, EC, 51, 51, 56, 8D, 45, F8, 50, FF, 15, 28, A0, 47, 00, 8B, 4D, FC, 33, F6, 33, C0, 03, 45, F8, 13, CE, A3, 30, EF, 49, 00, 89, 0D, 34, EF, 49, 00, 33, C0, 5E, C9, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, C4...
 
[+]

Entropy:
6.7174

Code size:
480.5 KB (492,032 bytes)

Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.