» uninstaller.exe
Overview
Analysis
File Details
Behaviors (1)

uninstaller.exe

Central Icon

The application uninstaller.exe by Central Icon has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Browser Toolbox by Browser Toolbox.

File name:

uninstaller.exe

Publisher:

Central Icon (signed and verified)

Version:

2.0.5973.3864

MD5:

9cee3870c46b08e97acbbae3e22cbbef

SHA-1:

56d12ece5d07cb3ddbafee6d4d54b437a13dd7d5

SHA-256:

4dd11f721a87848e8ef3c47462bbf90d141d0bf1e2b950714bac33f84b978212

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/28/2024 12:54:59 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.CentralI.Installer.Meta (M)

16.5.19.1

File size:

364.1 KB (372,808 bytes)

Product version:

2016.05.09

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Program Files\browser toolbox\uninstaller.exe

Digital Signature

Signed by:

Central Icon

Authority:

VeriSign, Inc.

Valid from:

4/22/2016 1:00:00 AM

Valid to:

4/23/2017 12:59:59 AM

Subject:

CN=Central Icon, O=Central Icon, L=Escondido, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3D61C9511F3B498085B072BF944CDC28

File PE Metadata

Compilation timestamp:

10/26/2015 8:23:39 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:/yXd51oEnottWoHfWTjCEW1jvZlg5Q+uzvXd5WWqm7WcSvTJJrmS+d3TWA8FXzl:/yt5OTfWfCpvaTuzvPVqNPviDWA8hZ

Entry address:

0x3BC8

Entry point:

81, EC, CC, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, BF, 00, A2, 40, 00, 59, 89, 6C, 24, 10, 8B, DD, 8B, F1, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, A8, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 84, 26, 7F, 00, E8, A4, 33, 00, 00, 55, 68, B4, 02, 00, 00, A3, 10, A6, 7E, 00, 8D, 44, 24, 30, 50, 55, 68, 88, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 8C, A2, 40, 00, 68, 20, A6, 7E, 00, E8, 57, 37, 00, 00, FF, 15, A0, 90, 40, 00, 50, 68, A0, 30, 84, 00, E8, 46, 37, 00, 00, 55, FF, 15, BC... 
[+]

Entropy:

7.9085

Packer / compiler:

Nullsoft install system v2.x

Code size:

30 KB (30,720 bytes)

Program Uninstaller

Program name:

Browser Toolbox

Display publisher:

Browser Toolbox

Display version:

2.0.5973.3864

Uninstall string:

"C:\Program Files (x86)\Browser Toolbox\uninstaller.exe"

Remove uninstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.