YontooUninstaller.exe

Yontoo LLC

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. YontooUninstaller.exe by Yontoo has been detected as adware by 18 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. By plugging into the web browser, the extension injects advertisements, both banners and contextual hyperlinks, based on the web sites being visited. It can be installed from the program's website or bundled by third-party software installation programs.
Publisher:
Yontoo LLC  (signed and verified)

MD5:
2530e5d035047b8533401512fdef9060

SHA-1:
b43ff7c5e0f001e61a0928c4620a1daab3dbc8be

SHA-256:
c5f3e266e4451cf800d440b862632260555716a7a577e6d5fb67202383aeed70

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/23/2024 10:32:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.Yontoo | 7.1.1 |
| Avira AntiVirus | ADWARE/Yontoo.Gen | 7.11.121.86 |
| Baidu Antivirus | AdWare.Win32.Yontoo | 4.0.3.131126 |
| Bkav FE | HW32.Laneul | 1.3.0.4246 |
| Boost by Reason | Trojan.Adw.Yontoo.R | 2013.8.27.18 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.Yontoo.~ | 17483 |
| Dr.Web | Adware.Siggen.24249 | 9.0.1.0239 |
| ESET NOD32 | Win32/Adware.Yontoo | 7.9190 |
| IKARUS anti.virus | AdWare.Yontoo | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.Tarma.A | v2013.08.27.06 |
| McAfee | Artemis!2530E5D03504 | 5600.7180 |
| NANO AntiVirus | Trojan.Win32.Yontoo.zkelo | 0.28.0.57029 |
| Panda Antivirus | Adware/WebCake | 13.11.26.03 |
| Reason Heuristics | PUP.Yontoo.R | 14.8.7.17 |
| Rising Antivirus | Trojan.InstallRex!562A | 23.00.65.13825 |
| Trend Micro House Call | ADW_YONTOO | 7.2.239 |
| Trend Micro | ADW_YONTOO | 10.465.27 |
| VIPRE Antivirus | Yontoo | 24644 |

File size:
1 MB (1,056,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\yontoouninstaller.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/9/2011 12:10:37 PM

Valid to:
5/9/2012 12:10:37 PM

Subject:
CN=Yontoo LLC, O=Yontoo LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07E1F9EBCCC1AC

File PE Metadata
Compilation timestamp:
3/14/2010 11:27:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:zutr5OUpn4SK/wbhlsdf6YSsjkV0OJz274v/ihygAx7SX9WXg17G:zuX6mvsBR1jkV9JzM4va0D4cuG

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 

Entropy:
7.9239  (probably packed)

Code size:
66 KB (67,584 bytes)

The file YontooUninstaller.exe has been seen being distributed by the following URL.
