uninstaller.exe

Treasure Track

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application uninstaller.exe by Treasure Track has been detected as adware by 5 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is the uninstaller utility registered in the Windows Control Panel for the program Treasure Track by Treasure Track. The adware plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Treasure Track  (signed and verified)

Version:
2.0.5726.8421

MD5:
377902a022a4ff618628552b691f24a5

SHA-1:
c15e1a358a84bf9d8f867e0451adea4f33116aa5

SHA-256:
96d13246b6be4a54fb9c4844d3328c1da411c1bbad2058f3f59ee5b84ea49369

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 11:21:27 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/BrowseFox.Gen | 8.3.2.2
Clam AntiVirus | Win.Adware.Browsefox-725 | 0.98/20897
K7 AntiVirus | Riskware | 13.2017124
Malwarebytes | PUP.Optional.TreasureTrack | v2015.09.05.04
SUPERAntiSpyware | PUP.BrowseFox/Variant | 9648

File size:
306.1 KB (313,464 bytes)

Product version:
2015.09.05

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2015 2:00:00 AM

Valid to:
6/19/2016 1:59:59 AM

Subject:
CN=Treasure Track, O=Treasure Track, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
75A0C0F9F8AF9D6ACCE462BEDB17C534

File PE Metadata
Compilation timestamp:
6/5/2014 1:58:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:CQ3Vw2snM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2:1WnM3D0Fw/tN8dkmLtpHHHrh7

Entry address:
0x31E4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
Treasure Track

Display publisher:
Treasure Track

Display version:
2.0.5726.8421

Uninstall string:
"H:\Program\Treasure Track\uninstaller.exe"

