» uninstaller.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

uninstaller.exe

Wander Burst

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application uninstaller.exe by Wander Burst has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Wander Burst by Wander Burst. Additionally, the file is typically installed by a number of programs including Wander Burst by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

uninstaller.exe

Publisher:

Wander Burst (signed and verified)

Version:

2.0.5693.6081

MD5:

24d6cc65c22e659a8dc40a71b93a9b03

SHA-1:

875426d8f294b1ce042a7da514df7695d11cbeee

SHA-256:

b679c6a0c9b39a639d15130f448f38c6713c7f2f936f91d2e4f95e2d5f84c037

Scanner detections:

11 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

5/10/2024 4:06:16 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/BrowseFox.Gen

8.3.1.6

AVG

Generic

2016.0.3028

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.1584

Bkav FE

W32.HfsAdware

1.3.0.6979

Clam AntiVirus

Win.Adware.Browsefox-725

0.98/21511

Dr.Web

Trojan.Yontoo.2167

9.0.1.0216

ESET NOD32

Win32/BrowseFox.AZ potentially unwanted

9.12035

herdProtect (fuzzy)

variant of 26618c40_stp.exe (Adware)

2015.9.9.20

K7 AntiVirus

Riskware

13.207.16765

Malwarebytes

PUP.Optional.WanderBurst.A

v2015.08.04.09

Reason Heuristics

PUP.Yontoo.WanderBurst.Installer (M)

15.8.4.9

File size:

308.1 KB (315,520 bytes)

Product version:

2015.08.03

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Program Files\wander burst\uninstaller.exe

Digital Signature

Signed by:

Wander Burst

Authority:

VeriSign, Inc.

Valid from:

6/19/2015 1:00:00 AM

Valid to:

6/19/2016 12:59:59 AM

Subject:

CN=Wander Burst, O=Wander Burst, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4A9C9001F9FFB60F7F507CDFCDC1B744

File PE Metadata

Compilation timestamp:

6/5/2014 12:58:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:gQ38SANunM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2m6ak6:+SDnM3D0Fw/tN8dkmLtpHHHrh7s6

Entry address:

0x31E4

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00... 
[+]

Entropy:

7.9385

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Program Uninstaller

Program name:

Wander Burst

Display publisher:

Wander Burst

Display version:

2.0.5693.6081

Uninstall string:

"C:\Program Files (x86)\Wander Burst\uninstaller.exe"

The file uninstaller.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Wander Burst by Yontoo Technology, Inc.

www.wanderburst.com/support

81% remove it

Remove uninstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.