home

uninstaller.exe

Roll Around

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application uninstaller.exe by Roll Around has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Roll Around by Roll Around. This file is typically installed with the program Roll Around by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Roll Around  (signed and verified)

Version:
2.0.5542.29831

MD5:
6c9354cd3fc58a5af444509f433ca041

SHA-1:
579e604e9bfc682fb3bbcd092c781a7f6abd5e98

SHA-256:
5b267c701794dc95497c2fe29ec60894ce6787246fb66d103a6a3da99ace592f

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 11:44:25 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3179

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15612

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Yontoo.1735
9.0.1.0163

G Data
Win32.Adware.StrongSignal
15.6.25

herdProtect (fuzzy)
variant of 5c01473a_stp.exe (Adware)
2015.6.12.15

Reason Heuristics
PUP.Installer.Yontoo
15.3.5.23

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4741131
38552

File size:
307.4 KB (314,808 bytes)

Product version:
2015.03.05

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Program Files\roll around\uninstaller.exe

Digital Signature
Signed by:
Roll Around

Authority:
VeriSign, Inc.

Valid from:
12/21/2014 7:00:00 PM

Valid to:
12/22/2015 6:59:59 PM

Subject:
CN=Roll Around, O=Roll Around, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
02A1223E320B2EC6C2C8789B5CB4BB4B

File PE Metadata
Compilation timestamp:
6/4/2014 7:58:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:3Q34WRnM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2P:l2nM3D0Fw/tN8dkmLtpHHHrh7w

Entry address:
0x31E4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00...
 
[+]

Entropy:
7.9390

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
Roll Around

Display publisher:
Roll Around

Display version:
2.0.5542.29831

Uninstall string:
"C:\Program Files (x86)\Roll Around\uninstaller.exe"


The file uninstaller.exe has been discovered within the following program.

Roll Around  by Yontoo Technology, Inc.
Roll Around is an adware program that installs as a web browser plugin to inject and display advertisements.
www.rollaround.net/support
79% remove it
 
Powered by Should I Remove It?

Remove uninstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.