home

browsergoodun.exe

Browser Good

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application browsergoodun.exe by Browser Good has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program Browser Good by Browser Good. The file has been seen being downloaded from install.browsergood.info.
Publisher:
Browser Good  (signed and verified)

Version:
1.0.0.0

MD5:
4dadb05581e3196c04ad34b8e9bd7432

SHA-1:
3380ef5d2cda2c951afa5b093932f72288db073b

SHA-256:
7e89f80063e3130424ed93284b1395beb5b5c095153b5db962bab391af7f7635

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/24/2024 12:59:22 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo.BrowserGood (M)
16.2.23.1

File size:
555.2 KB (568,568 bytes)

Product version:
1.0.0.0

Original file name:
Browser Good Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browser good\browsergoodun.exe

Digital Signature
Signed by:
Browser Good

Authority:
VeriSign, Inc.

Valid from:
11/19/2014 10:00:00 PM

Valid to:
11/20/2015 9:59:59 PM

Subject:
CN=Browser Good, O=Browser Good, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
415A9A4B07BAA4A4F09FB5982A7CFAFB

File PE Metadata
Compilation timestamp:
3/20/2015 11:50:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:yPzDmjrr+0krDo5v3FeRRvmBpZhIv1i4x:burDQsRRQpZhidx

Entry address:
0x88CDF

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
539.5 KB (552,448 bytes)

Program Uninstaller
Program name:
Browser Good

Display publisher:
Browser Good

Display version:
2015.04.15.124916

Uninstall string:
C:\Program Files (x86)\Browser Good\BrowserGoodUn.exe REP_


The file browsergoodun.exe has been seen being distributed by the following URL.

http://install.browsergood.info/ud

Remove browsergoodun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.