uninstall.exe

Proxy Video Downloader

Link64 GmbH

The application uninstall.exe, “Updater [ProxyVideoDownloader]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program VideoDownloaderUltimate by Link64.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Proxy Video Downloader

Description:
Updater [ProxyVideoDownloader]

Version:
1.0.1.33

MD5:
a17f0b99e6cb13431e70ccd473627699

SHA-1:
ee60ea2a73b8a1218d0f1af9d4b0e5ea259938b2

SHA-256:
ed5f3b670929ab307ae9be0ee9122ec13a6ffc4bf46d4680abca37446d57ae1a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 1:38:48 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.16.5

File size:
1.5 MB (1,586,808 bytes)

Product version:
1.0.1.33

Copyright:
(c) 2014 Link64 GmbH. All rights reserved.

Original file name:
ProxyVideoDownloader_Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\videodownloaderultimatewinapp\uninstall.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/19/2013 8:00:00 PM

Valid to:
3/22/2015 7:59:59 PM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70B8C92A22236AF8064642CFE2790458

File PE Metadata
Compilation timestamp:
1/13/2015 8:49:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:IARVT1FU8Q8nNP17U9wZxLrVn6tHD3gCQ1gw4L5:IA08ZZBjZt9Yje1gwq5

Entry address:
0x61C6

Entry point:
E8, EA, 60, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, 2D, E9, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, A2, 36, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B6, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A7, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, A0, 00, 00, 00, 8B, 45, E8...
 
[+]

Entropy:
7.8458  (probably packed)

Code size:
172 KB (176,128 bytes)

Program Uninstaller
Program name:
VideoDownloaderUltimate

Display publisher:
Link64

Display version:
1.0.1.33

Uninstall string:
C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe


Remove uninstall.exe - Powered by Reason Core Security