holdpageun.exe

Hold Page

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application holdpageun.exe by Hold Page has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Hold Page by Hold Page. The file has been seen being downloaded from install.holdingmypage.com.
Publisher:
Hold Page  (signed and verified)

Version:
1.0.0.0

MD5:
3428011d4504f386b0d5c8d7c58112da

SHA-1:
0d254efccd484057b607adb34c608382b07724fa

SHA-256:
a51159957c28f8898e226de2bd2ae531b7c1141db9151791ab6e5984a53e0160

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/30/2024 6:32:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.HoldPage (M)

Engine version:
16.1.10.1

File size:
538.2 KB (551,152 bytes)

Product version:
1.0.0.0

Original file name:
Hold Page Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\hold page\holdpageun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 7:00:00 AM

Valid to:
9/3/2015 6:59:59 AM

Subject:
CN=Hold Page, O=Hold Page, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5097461A9471FDD2B020491B464CDCD9

File PE Metadata
Compilation timestamp:
12/3/2014 1:29:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:DPzDqjLskuXXezYSKIyAq190h6Ll3gT0CpthFvfkG:YQXe7rwLlOpthV8G

Entry address:
0x8486C

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.1150

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
522.5 KB (535,040 bytes)

Program Uninstaller
Program name:
Hold Page

Display publisher:
Hold Page

Display version:
2014.11.29.002155

Uninstall string:
C:\Program Files (x86)\Hold Page\HoldPageUn.exe REP_


The file holdpageun.exe has been seen being distributed by the following URL.
