woodensealuninstall.exe

Wooden Seal

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application woodensealuninstall.exe by Wooden Seal has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Wooden Seal by Wooden Seal.
Publisher:
Wooden Seal  (signed and verified)

MD5:
c2bace78120e4523876037fd6e7e70ef

SHA-1:
50ee45ddf11a7e138bffaec6f70e9d6cc4e82ecf

SHA-256:
a878ffec2940fb0eef05f0432d165d5c4b136ce1c30009f6c2bdd68b9e413fbb

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/5/2024 10:27:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
17.3.10.20

File size:
243.1 KB (248,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\wooden seal\woodensealuninstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/14/2015 4:00:00 PM

Valid to:
1/15/2016 3:59:59 PM

Subject:
CN=Wooden Seal, O=Wooden Seal, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
55680C612B31A22AA15004D7A2490924

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8628

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
Wooden Seal

Display publisher:
Wooden Seal

Display version:
2015.08.28.120703

Uninstall string:
C:\Program Files\Wooden Seal\WoodenSealuninstall.exe


Remove woodensealuninstall.exe - Powered by Reason Core Security