home

appbuduninstall.exe

App Bud

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application appbuduninstall.exe by App Bud has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program App Bud by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
App Bud  (signed and verified)

MD5:
99fdb92e3f407cd4b737a7ff68fba957

SHA-1:
bf49a53210eccc10008ce1d9c879df03183f6724

SHA-256:
d00a82bbc48d9955891046f716c5cecc1a45ed3dae0b281e8a05fbab748c8cd8

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/29/2024 6:33:06 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
17.3.11.0

File size:
254 KB (260,064 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\app bud\appbuduninstall.exe

Digital Signature
Signed by:
App Bud

Authority:
VeriSign, Inc.

Valid from:
7/29/2014 5:30:00 AM

Valid to:
7/30/2015 5:29:59 AM

Subject:
CN=App Bud, O=App Bud, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0A0CA50CF2224C71789EEF06C8E73F38

File PE Metadata
Compilation timestamp:
12/6/2009 4:22:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8684

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file appbuduninstall.exe has been discovered within the following program.

App Bud  by Yontoo Technology, Inc.
App Bud is an adware web browser extension that is display banners ads as well as contextual link ads . The ads are injected by the web browser plugin (IE, FF and Chrome) and will display on any web site, even those not associated or affiliated with the publisher.
appbud.net/support
88% remove it
 
Powered by Should I Remove It?

Remove appbuduninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.