pageragesetup.exe

Theme Your World

Theme Your World LLC

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted advertisements into pages the user visits. The application pageragesetup.exe by Theme Your World has been detected as adware by 13 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from download.pagerage.com. While running, it connects to the Internet address api.yontoo.com on port 80 using the HTTP protocol.
Publisher:
Theme Your World LLC  (signed and verified)

Product:
Theme Your World

Description:
Installer

Version:
2011.8.19.1358

MD5:
447b0d87728fff87b5b6b97f83b8d445

SHA-1:
85f286d9f65f5489a67dcac9374d6253ba880ef7

SHA-256:
b32a69803026bd3e28338dff0f1359e4dc7e30a17be51b3a6aa0d3935b2173cc

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program, which inserts various forms of advertising into the user's web browser and is installed with minimal or no user consent.

Analysis date:
1/11/2025 5:31:07 PM UTC

Scan engine           Detection                                       Engine version
Agnitum Outpost       Adware.Yontoo                                   7.1.1
Avira AntiVirus       Adware/MQIIMIX.A                                7.11.183.134
Baidu Antivirus       Adware.Win32.Yontoo                             4.0.3.15417
Comodo Security       UnclassifiedMalware                             20007
Dr.Web                Adware.Plugin.8                                 9.0.1.0107
ESET NOD32            Win32/Adware.Yontoo (variant)                   9.10682
Fortinet FortiGate    Riskware/EBTXGP                                 4/17/2015
F-Prot                W32/Adware.B.gen                                v6.4.7.1.166
Qihoo 360 Security    Trojan.Generic                                  1.0.0.1015
Reason Heuristics     Threat.Installer.ThemeYourWorld                 15.4.17.11
Rising Antivirus      PE:Trojan.Win32.Generic.1525A7D0!354789328      23.00.65.15415
VIPRE Antivirus       Yontoo                                          34568
Zillya! Antivirus     Trojan.Agent2.Win32.25364                       2.0.0.1976

File size:
1.2 MB (1,270,624 bytes)

Product version:
1.00

Copyright:
Copyright (c) 2011 Theme Your World LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pageragesetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/9/2011 2:38:01 PM

Valid to:
5/9/2012 2:38:01 PM

Subject:
CN=Theme Your World LLC, O=Theme Your World LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
080229C2AD472D

File PE Metadata
Compilation timestamp:
3/10/2011 9:55:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:ObfU+0chiHcLae+m9fbKD9rRQHezpqJUPdllrlpsxLRAL1eEQvtAQkI26KZeTTJj:Pdc8uQm9fOzEpJUPHlJkLRkQFAQh2BZS

Entry address:
0x1627

Entry point:
55, 8B, EC, 81, EC, 58, 0B, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, A8, F4, FF, FF, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, B8, FC, FF, FF, 50, C7, 85, B8, FC, FF, FF, 14, 01, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, 30, 34, 40, 00, E8, 40, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, C5, 01, 00, 00, 68, 1C, 34, 40, 00, 68, 0C, 34, 40, 00, FF, 15, 68, 30, 40, 00, 50, FF, 15, 64, 30, 40, 00, 3B...

Entropy:
7.9966

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file pageragesetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wac.edgecastcdn.net  (72.21.81.13:80)

TCP (HTTP):
Connects to service.yontoo.com  (8.25.35.148:80)

TCP (HTTP):
Connects to api.yontoo.com  (8.25.35.15:80)

Remove pageragesetup.exe - Powered by Reason Core Security