uninstaller.exe

Golden Dock

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application uninstaller.exe by Golden Dock has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Results Hub by Results Hub. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Golden Dock (signed and verified)

Version:
2.0.5758.33717

MD5:
2cd1e5c19f12d65cf189b3d06a0d6787

SHA-1:
2df367ab43ac8014a76993f93dc331094925f4e2

SHA-256:
477d3e6cbafde613432b79548310536cf3113595e610d4baab8d8dcc2d8e9526

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 10:51:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 8.3.2.4 |
| Arcabit | PUP.Adware.BrowseFox | 1.0.0.624 |
| AVG | Generic | 2016.0.2909 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.15121 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Clam AntiVirus | Win.Adware.Browsefox-725 | 0.98/21511 |
| Dr.Web | Trojan.Yontoo.2465 | 9.0.1.0335 |
| K7 AntiVirus | Unwanted-Program | 13.212.17997 |
| Kaspersky | not-a-virus:AdWare.NSIS.BrowseFox | 14.0.0.1039 |
| Malwarebytes | PUP.Optional.Yontoo | v2015.12.01.06 |
| NANO AntiVirus | Trojan.Win32.Yontoo.dxemcv | 0.30.26.4751 |
| Panda Antivirus | Generic Suspicious | 15.12.01.06 |
| Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.Yontoo.GoldenDock.Installer (M) | 15.12.1.6 |
| Rising Antivirus | PE:Adware.BrowseFox!1.A1B7 [F] | 23.00.65.151129 |
| Sophos | Generic PUA CN (PUA) | 4.98 |
| SUPERAntiSpyware | PUP.BrowseFox/Variant | 9474 |
| Trend Micro | TROJ_GEN.R031C0OKD15 | 10.465.01 |
| VIPRE Antivirus | Adware.BrowseFox | 45484 |

File size:
305.8 KB (313,128 bytes)

Product version:
2015.10.07

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Program Files\results hub\uninstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/8/2015 5:00:00 PM

Valid to:
7/8/2016 4:59:59 PM

Subject:
CN=Golden Dock, O=Golden Dock, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0B58D134BC7841B7C3E6D5FE14474DDC

File PE Metadata
Compilation timestamp:
6/4/2014 4:58:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:jQ3azUnM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2qW:LQnM3D0Fw/tN8dkmLtpHHHrh7BW

Entry address:
0x31E4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00...

Entropy:
7.9379

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
Results Hub

Display publisher:
Results Hub

Display version:
2.0.5758.33717

Uninstall string:
"C:\Program Files (x86)\Results Hub\uninstaller.exe"

