» uninstaller.exe
Overview
Analysis
File Details
Behaviors (1)

uninstaller.exe

Central Icon

The application uninstaller.exe by Central Icon has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Browser Toolbox by Browser Toolbox.

File name:

uninstaller.exe

Publisher:

Central Icon (signed and verified)

Version:

2.0.5973.11171

MD5:

b081e05ad0314ef1adefb136faa42ce7

SHA-1:

8c837df58558de85493bfc0e185705bd0cecc8db

SHA-256:

1b850f238590157011b2faee6c4ab679ca16fa423d9618f77c99650c61e649d0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/28/2024 12:58:20 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.CentralI.Installer.Meta (M)

16.6.27.18

File size:

364.1 KB (372,840 bytes)

Product version:

2016.05.09

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Program Files\browser toolbox\uninstaller.exe

Digital Signature

Signed by:

Central Icon

Authority:

VeriSign, Inc.

Valid from:

4/21/2016 7:00:00 PM

Valid to:

4/22/2017 6:59:59 PM

Subject:

CN=Central Icon, O=Central Icon, L=Escondido, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3D61C9511F3B498085B072BF944CDC28

File PE Metadata

Compilation timestamp:

10/26/2015 3:23:39 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:uyXd51oE7ottWoUfwlPawgMdZVHucGjwxp2DYrVdf1Yz4OgC6ZFCzjE176qN:uyt5O0fEPaPMlHuc2IfODd6ZFmjS76qN

Entry address:

0x3BC8

Entry point:

81, EC, CC, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, BF, 00, A2, 40, 00, 59, 89, 6C, 24, 10, 8B, DD, 8B, F1, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, A8, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 84, 26, 7F, 00, E8, A4, 33, 00, 00, 55, 68, B4, 02, 00, 00, A3, 10, A6, 7E, 00, 8D, 44, 24, 30, 50, 55, 68, 88, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 8C, A2, 40, 00, 68, 20, A6, 7E, 00, E8, 57, 37, 00, 00, FF, 15, A0, 90, 40, 00, 50, 68, A0, 30, 84, 00, E8, 46, 37, 00, 00, 55, FF, 15, BC... 
[+]

Entropy:

7.9082

Packer / compiler:

Nullsoft install system v2.x

Code size:

30 KB (30,720 bytes)

Program Uninstaller

Program name:

Browser Toolbox

Display publisher:

Browser Toolbox

Display version:

2.0.5973.11171

Uninstall string:

"C:\Program Files\Browser Toolbox\uninstaller.exe"

Remove uninstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.