uninstaller.exe

Kreapixel

The application uninstaller.exe (“Webplayer uninstall”) by Kreapixel has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file is typically installed with the program Webplayer by Kreapixel, which is itself a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Kreapixel  (signed and verified)

Description:
Webplayer uninstall

Version:
2.0.0.0

MD5:
8fc5a2f38eb3417e4fcaf1a347a8becd

SHA-1:
92ec90f2bccc35ae531cf3828eec24aa9b473d00

SHA-256:
3a4ba9cf434aef67a2ac568ff4ca5158aed4e55c0e1e87c65611827dd7805981

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/5/2024 2:43:24 AM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Trojan.Crossrider.9 | 9.0.1.0355
Reason Heuristics | PUP.Kreapixel.L | 14.3.2.16

File size:
507.7 KB (519,864 bytes)

Copyright:
Kreapixel inc.

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\uninstaller.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 2:00:00 AM

Valid to:
4/29/2014 1:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:huIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLeOAtkBfLxb7b9P3HbADQ:E6Wq4aaE6KwyF5L0Y2D1PqLM+LxbJADQ

Entry address:
0xDBEB0

Entry point:
60, BE, 00, A0, 49, 00, 8D, BE, 00, 70, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file uninstaller.exe has been discovered within the following programs.

Webplayer  by Kreapixel
Webplayer is an adware program that integrates into the user's web browsers (IE, Chrome, Firefox) and will perform a number of functions mostly designed to generate advertising supported or affiliate revenue.
About 62% of users remove it
 
Powered by Should I Remove It?

The file uninstaller.exe has been seen being distributed by the following 2 URLs.

http://softs.illyx.com/setup/dl.php?l=regie/webplayer/fr/.../&telecharger=uninstall

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-9.ip.secureserver.net  (50.63.202.9:80)
