yontoouninstaller.exe

Yontoo LLC

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application yontoouninstaller.exe by Yontoo has been detected as adware by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dl.yontoo.com.
Publisher:
Yontoo  (signed by Yontoo LLC)

Description:
Uninstaller

Version:
1.0.0.0

MD5:
f473f6e32b773edee97950d2746fd088

SHA-1:
d731cb163053c8aa1e8afcaa0da902f3752ed76a

SHA-256:
2e6291b269e02d18f5d665833a9db5cc05790816ce43572693fcf17511a4d545

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/23/2024 9:32:13 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
AdInject.Yontoo
2014.0.3616

Reason Heuristics
PUP.Installer.Yontoo.R
14.8.7.17

Trend Micro House Call
TROJ_GEN.F47V1220
7.2.357

VIPRE Antivirus
Yontoo
24638

File size:
511.3 KB (523,552 bytes)

Product version:
1.0.0.0

Original file name:
Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/24/2012 2:00:00 AM

Valid to:
12/24/2013 12:59:59 AM

Subject:
CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4A49FB7E6B0BCF398A1ACF39EA80D982

File PE Metadata
Compilation timestamp:
12/19/2013 4:28:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:/0cr7F5kpxs2JEAdzhUpw98JEqAG0kTkOZes04haZ5l5fp6IrYdAxVtMQr0tZ5/L:coQiaEnCnu2fAdANQr5uYflM4

Entry address:
0x7DCEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
495.5 KB (507,392 bytes)

The file yontoouninstaller.exe has been seen being distributed by the following URL.

Remove yontoouninstaller.exe - Powered by Reason Core Security