ravingreyvenun.exe

raving reyven

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application ravingreyvenun.exe by raving reyven has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program raving reyven by raving reyven. This file is typically installed with the program raving reyven by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
raving reyven  (signed and verified)

Version:
1.0.0.0

MD5:
d3ca4c72e891694c5cefe11ba50cb801

SHA-1:
863232c578edb590cbb7d5354d42388a09eceb39

SHA-256:
63311a0900d8c9fa19eb98245b316dcec0839ec78454cfa0989fe8081c9be608

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/12/2024 7:02:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.2.23.17

File size:
534.3 KB (547,112 bytes)

Product version:
1.0.0.0

Original file name:
raving reyven Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\raving reyven\ravingreyvenun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 1:00:00 AM

Valid to:
1/24/2015 12:59:59 AM

Subject:
CN=raving reyven, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=raving reyven, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1F869F0BA331D57B7D5A549783E5CA43

File PE Metadata
Compilation timestamp:
11/11/2014 7:42:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x839C0

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 10, 13, 00, 80, 10, 00, 00, 00, 8A, 13, 00, 80, 18, 00, 00, 00, 52, 16, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
518.5 KB (530,944 bytes)

Program Uninstaller
Program name:
raving reyven

Display publisher:
raving reyven

Display version:
2014.05.10.044622

Uninstall string:
C:\Program Files (x86)\raving reyven\ravingreyvenUn.exe OFS_


The file ravingreyvenun.exe has been discovered within the following program.

raving reyven  by Yontoo Technology, Inc.
From Yontoo's License Agreement: "The Software is supported by several forms of advertising, which will be displayed as you use your browsers, including, without limitation, banner and video ads, in-text ads and links, web browsing-related ads, interstitial, transitional, search, and full page ads."
ravingreyven.mobi/support
88% remove it
 
Powered by Should I Remove It?
