advanceeliteun.exe

TasticSurf

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application advanceeliteun.exe by TasticSurf has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program AdvanceElite by AdvanceElite. The file has been seen being downloaded from install.advanceelite.com.
Publisher:
TasticSurf  (signed and verified)

Version:
1.0.0.0

MD5:
eda927f78ddb019626d0992a92ac448b

SHA-1:
a846c14e4417b273d88e2a751383e5a59d120788

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/27/2024 4:45:42 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo.TasticSu (M)
16.3.28.14

File size:
556.2 KB (569,584 bytes)

Product version:
1.0.0.0

Original file name:
AdvanceElite Uninstaller.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\advanceelite\advanceeliteun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/4/2014 1:00:00 AM

Valid to:
1/4/2016 12:59:59 AM

Subject:
CN=TasticSurf, O=TasticSurf, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6D2C37BF960997763055AC9274C52D6C

File PE Metadata
Compilation timestamp:
11/17/2014 4:57:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:KPzDqjbMY+ZRo+aR30AA1907ljSPF6DB7ap0hpv1GWF:z+a/8Vp0hhQWF

Entry address:
0x891EC

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 10, 13, 00, 80, 10, 00, 00, 00, 8A, 13, 00, 80, 18, 00, 00, 00, 52, 16, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 02, 00, 00, 00, 60, 00, 00, 80, 03, 00, 00, 00, AC, 01, 00, 80, 04, 00, 00, 00, 38, 07, 00, 80, 05, 00, 00, 00, 44, 0A, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
540.5 KB (553,472 bytes)

Program Uninstaller
Program name:
AdvanceElite

Display publisher:
AdvanceElite

Display version:
2014.10.20.095910

Uninstall string:
C:\Program Files\AdvanceElite\AdvanceEliteUn.exe OFS_


The file advanceeliteun.exe has been seen being distributed by the following URL.

http://install.advanceelite.com/ud

Remove advanceeliteun.exe - Powered by Reason Core Security