» sharpangleuninstall.exe
Overview
Analysis
File Details
Behaviors (1)

sharpangleuninstall.exe

Sharp Angle

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application sharpangleuninstall.exe by Sharp Angle has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Sharp Angle by Sharp Angle. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

Sharp Angle (signed and verified)

MD5:

e45c00afe0daed57a7fb464fadaa38df

SHA-1:

53defe0da2d7baf00f7621b35f573489d3dabab1

SHA-256:

a6af6549bd874ab07acfaa2ced20708ecf2fccb1d93c09d307669b6c236dacb3

Scanner detections:

4 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/20/2024 3:03:13 AM UTC (today)

Scan engine

Detection

Engine version

AVG

BrowseFox

2016.0.3133

Dr.Web

infected with Trojan.Siggen6.33539

9.0.1.05190

NANO AntiVirus

Trojan.Nsis.BrowseFox.dnxihk

0.30.20.1219

Reason Heuristics

PUP.Yontoo.Installer

15.5.3.0

File size:

242.3 KB (248,136 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\sharp angle\sharpangleuninstall.exe

Digital Signature

Signed by:

Sharp Angle

Authority:

VeriSign, Inc.

Valid from:

3/18/2015 12:00:00 AM

Valid to:

3/17/2016 11:59:59 PM

Subject:

CN=Sharp Angle, O=Sharp Angle, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4FB63C66D49CC670D253C301F93C575B

File PE Metadata

Compilation timestamp:

12/5/2009 10:52:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:UZ+1145y/1RWBT5ACb99E5J0JSioEuR4UkwZm/G/HcTUv:k5s1s15P9E5kSUuR4Jp/G/8Qv

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.8588

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Program Uninstaller

Program name:

Sharp Angle

Display publisher:

Sharp Angle

Display version:

2015.04.20.084940

Uninstall string:

C:\Program Files (x86)\Sharp Angle\SharpAngleuninstall.exe

Remove sharpangleuninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.