kingbrowseuninstall.exe

KingBrowse

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application kingbrowseuninstall.exe by KingBrowse has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is the uninstaller utility registered in the Windows Control Panel for the program KingBrowse by KingBrowse. The file is typically installed with the program KingBrowse by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
KingBrowse  (signed and verified)

MD5:
e85662379ccb5ad39cbfc7400c95bf51

SHA-1:
91b4b741980b537319e69139b31a1941648a1dda

SHA-256:
9c6c2e548aec52642746a1f6b97e5885c595321fc60e38eed01e2d012b38b475

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the installer/uninstaller for the Yontoo-branded (kingbrowse) adware program. The main program is designed to deliver advertisements to the user's web browser through injection.

Analysis date:
11/23/2024 6:48:24 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
17.3.8.18

File size:
253.9 KB (259,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\kingbrowse\kingbrowseuninstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/9/2014 9:00:00 AM

Valid to:
1/10/2015 8:59:59 AM

Subject:
CN=KingBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KingBrowse, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
670CAB2C338090653CEA8172D5DB1E34

File PE Metadata
Compilation timestamp:
12/6/2009 7:52:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8697

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
KingBrowse

Display publisher:
KingBrowse

Display version:
2014.08.28.075737

Uninstall string:
C:\Program Files (x86)\KingBrowse\KingBrowseuninstall.exe


The file kingbrowseuninstall.exe has been discovered within the following program.

KingBrowse  by Yontoo Technology, Inc.
KingBrowse is an adware Internet toolbar/extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
kingbrowse.co/support
80% remove it
 