uninstaller.exe

Application Manager

Bit89 Inc.

This is part of a PerformerSoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application uninstaller.exe by Bit89 has been detected as adware by 21 anti-malware scanners. This web browser add-on will claim to protect the web browser but will instead hijack it by modifying the home and search pages. The file has been seen being downloaded from www.bit89.com.
Publisher:
PerformerSoft LLC  (signed by Bit89 Inc.)

Product:
Application Manager

Version:
2,6,1562,222

MD5:
9a04fa3a72706559493a61a804806801

SHA-1:
2e66afdaa90982c1aeb54c94791feec755dcfaf6

SHA-256:
069c205c2ecaa21b8c8198b724f97cd20a7aae5b618117a07cf07f414fce3994

Scanner detections:
21 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Analysis date:
12/30/2024 10:19:55 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Rotbrow | 14.04.08 |
| Avira AntiVirus | TR/BProtector.Gen | 7.11.141.166 |
| avast! | Win32:BProtect-D [Trj] | 2014.9-140408 |
| AVG | Generic5 | 2015.0.3510 |
| Clam AntiVirus | Win.Adware.BProtector | 0.98/18355 |
| Comodo Security | ApplicUnwnt | 18059 |
| ESET NOD32 | Win32/bProtector (variant) | 8.9639 |
| Fortinet FortiGate | Adware/Bprotect | 4/8/2014 |
| F-Secure | Application:W32/BProtector.A | 11.2014-08-04_3 |
| G Data | Win32.Application.BHO | 14.4.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11663 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.4046 |
| Malwarebytes | PUP.Optional.PerformerSoft.A | v2014.04.08.07 |
| McAfee | Adware-Bprotect.b | 5600.7166 |
| Microsoft Security Essentials | TrojanDropper:Win32/Rotbrow.A | 1.10401 |
| Quick Heal | TrojanDropper.Rotbrow | 4.14.12.00 |
| Reason Heuristics | PUP.Bit89.L | 14.8.7.17 |
| Sophos | BProtector | 4.98 |
| Trend Micro House Call | TROJ_SPNV.03A114 | 7.2.98 |
| Trend Micro | TROJ_SPNV.03A114 | 10.465.08 |
| VIPRE Antivirus | Bprotector | 28102 |

File size:
2 MB (2,074,576 bytes)

Product version:
2,6,1562,222

Copyright:
Copyright (C) 2012

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\uninstaller.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/4/2012 5:00:34 PM

Valid to:
9/4/2015 5:00:34 PM

Subject:
CN=Bit89 Inc., O=Bit89 Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4F179649BA374C

File PE Metadata
Compilation timestamp:
8/30/2013 10:53:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:RAKxojYUb+/lRifVMYGqW9AJyNTZ2ledv/eARXR:XxojVb+/6fDGqS/eAX

Entry address:
0x84257

Entry point:
E8, 17, D5, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, A1, 4C, 2C, 5B, 00, 33, C5, 89, 45, FC, 53, 56, 8B, F1, 33, DB, 57, 3B, F3, 75, 14, E8, FD, 2A, 00, 00, 6A, 16, 5E, 89, 30, E8, 57, 73, 00, 00, E9, 2C, 01, 00, 00, FF, 75, 08, 56, E8, 4C, E6, FF, FF, 59, 59, 3B, 45, 08, 72, 07, 33, C0, 66, 89, 06, EB, D5, 8B, 45, 0C, 8B, 00, 8B, 40, 14, 3B, C3, 75, 29, 8B, C6, 66, 39, 1E, 74, 1B, 0F, B7, 08, 83, F9, 41, 72, 0B, 83, F9, 5A, 77, 06, 83, C1, 20, 66, 89, 08, 83, C0, 02, 66, 39, 18, 75, E5, 33...
 

Entropy:
6.5892

Code size:
1.2 MB (1,272,832 bytes)

The file uninstaller.exe has been seen being distributed by the following URL.
