» uninstaller.exe
Overview
Analysis
File Details
Behaviors (1)

uninstaller.exe

Central Icon

The application uninstaller.exe by Central Icon has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Browser Toolbox by Browser Toolbox.

File name:

uninstaller.exe

Publisher:

Central Icon (signed and verified)

Version:

2.0.6002.41572

MD5:

74545c6706aaf4258db214672403a91a

SHA-1:

a9771c764ecce3ad80902736b706c3be90d2c997

SHA-256:

0a28a0cf6c5a1a500204f351c3d16820927c3783a07dc05a3a0743a9f7f39836

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/28/2024 12:47:44 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.CentralI.Installer.Meta (M)

16.6.10.12

File size:

363.9 KB (372,616 bytes)

Product version:

2016.06.07

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Program Files\browser toolbox\uninstaller.exe

Digital Signature

Signed by:

Central Icon

Authority:

VeriSign, Inc.

Valid from:

4/21/2016 5:00:00 PM

Valid to:

4/22/2017 4:59:59 PM

Subject:

CN=Central Icon, O=Central Icon, L=Escondido, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3D61C9511F3B498085B072BF944CDC28

File PE Metadata

Compilation timestamp:

10/26/2015 1:23:39 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:NyXd51oETottWopfgpgPOz4dlzB/nuH+Ugn/+TKNG5aheP3U4znFAafDuxDCCuFT:Nyt5OpfKeOzC/nuH+Ugn/Vvi3U4zKafx

Entry address:

0x3BC8

Entry point:

81, EC, CC, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, BF, 00, A2, 40, 00, 59, 89, 6C, 24, 10, 8B, DD, 8B, F1, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, A8, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 84, 26, 7F, 00, E8, A4, 33, 00, 00, 55, 68, B4, 02, 00, 00, A3, 10, A6, 7E, 00, 8D, 44, 24, 30, 50, 55, 68, 88, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 8C, A2, 40, 00, 68, 20, A6, 7E, 00, E8, 57, 37, 00, 00, FF, 15, A0, 90, 40, 00, 50, 68, A0, 30, 84, 00, E8, 46, 37, 00, 00, 55, FF, 15, BC... 
[+]

Entropy:

7.9084

Packer / compiler:

Nullsoft install system v2.x

Code size:

30 KB (30,720 bytes)

Program Uninstaller

Program name:

Browser Toolbox

Display publisher:

Browser Toolbox

Display version:

2.0.6002.41572

Uninstall string:

"C:\Program Files (x86)\Browser Toolbox\uninstaller.exe"

Remove uninstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.