uninstall.websearchy.exe

Installer

This adware is distributed via Adknowledge's download managers and is designed to modify and protect the web browser. The application uninstall.websearchy.exe has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program WebSearchy by Websearchy. The file is typically installed with the program WebSearchy by WebSearchy.com, which is a potentially unwanted software program.

Product:
Installer

Version:
1.0.0.0

MD5:
4bb67c371244402298808aed0dfdbbdb

SHA-1:
fb25a8cd00a0d36deecf74519ba8dde8481fea6a

SHA-256:
49d22f52d0d3e31b9d11d8a5a83d7a0af9221e284791e44b089b31c3bd54eda0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
12/25/2024 12:38:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Websearchy.Task.T

Engine version:
14.5.8.14

File size:
3.5 MB (3,665,408 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\websearchy\uninstall.websearchy.exe

File PE Metadata
Compilation timestamp:
2/14/2014 10:20:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:ueu3URUwq5mLy5uqRSxi9VGzITJPwLJVq4Y9yoMlHZzPG8BZgV+3Uu:qURqUy5rc8NoLPhYyG8BZgV+3Uu

Entry address:
0x367182

Entry point:
FF, 25, 90, 71, 76, 00, 00, 00, 00, 00, 00, 00, 00, 00, 64, 71, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 50, FE, 52, 00, 00, 00, 00, 02, 00, 00, 00, 74, 00, 00, 00, B4, 71, 36, 00, B4, 53, 36, 00, 52, 53, 44, 53, F2, B9, 29, 7D, EE, CE, 4F, 48, BF, A5, DF, 0C, 84, 6E, 5A, F0, 01, 00, 00, 00, 43, 3A, 5C, 50, 72, 6F, 6A, 65, 63, 74, 73, 5C, 6F, 6F, 5C, 49, 6E, 73, 74, 61, 6C, 6C, 65, 72, 73, 5C, 42, 72, 6F, 77, 73, 65, 72, 52, 65, 73, 65, 74, 5C, 49, 6E, 73, 74, 61, 6C, 6C, 65, 72, 5C, 49, 6E, 73, 74, 61...

Entropy:
7.2222

Code size:
3.4 MB (3,560,448 bytes)

Program Uninstaller
Program name:
WebSearchy

Display publisher:
Websearchy

Uninstall string:
"C:\Program Files (x86)\Websearchy\uninstall.WebSearchy.exe" /u /UserID=044F1375-ACDF-4CA7-AA0C-7B77724025D2 /SourceID=iris|iris_downlite /ImplementationID=websearchy


Scheduled Task
Task name:
WebSearchy Update Task

Trigger:
Daily (Runs daily at 1:12 AM)

Action:
uninstall.websearchy.exe \checkupdate=true

Description:
Updates your WebSearchy software. If this task is disabled or deleted, your software will not be kept up to date and may be succeptible to additional


The file uninstall.websearchy.exe has been discovered within the following program.

WebSearchy  by WebSearchy.com
WebSearchy (Adknowledge, Inc.) is a web browser extension that will integrate itself into Chrome, Firefox and Internet Explorer.
websearchy.com/legal/Terms
83% remove it

The file uninstall.websearchy.exe has been seen distributed from the following URL.

http://www.ice-av.com/websearchyinstaller.exe

The running file has been seen making the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-83-4-114.compute-1.amazonaws.com  (54.83.4.114:80)

TCP (HTTP):
Connects to ec2-54-243-65-88.compute-1.amazonaws.com  (54.243.65.88:80)
