home

webporpoiseun.exe

Webporpoise

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application webporpoiseun.exe by Webporpoise has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program webporpoise by webporpoise. This file is typically installed with the program webporpoise by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
Webporpoise  (signed and verified)

Version:
1.0.0.0

MD5:
14fd133acf634dd0450c015c7429e993

SHA-1:
7121a08afe14b547cdf1a0b0bf3a0ed55fb4c920

SHA-256:
dd853daabfb1115465fd3cff8f3b3da95ab9faf0a5234c746086ff587f41fe4e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/23/2024 10:43:47 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo.Webporpoise (M)
15.12.22.20

File size:
534.8 KB (547,616 bytes)

Product version:
1.0.0.0

Original file name:
webporpoise Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\webporpoise\webporpoiseun.exe

Digital Signature
Signed by:
Webporpoise

Authority:
VeriSign, Inc.

Valid from:
3/13/2014 8:00:00 PM

Valid to:
3/14/2015 7:59:59 PM

Subject:
CN=Webporpoise, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Webporpoise, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
77E73438E8DB62CBB923965C646E769F

File PE Metadata
Compilation timestamp:
11/11/2014 1:43:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:SPzDqjMLbKDerHgEAW190lBynrpghCv+1vs:MEFhjMpghcus

Entry address:
0x83B62

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
519 KB (531,456 bytes)

Program Uninstaller
Program name:
webporpoise

Display publisher:
webporpoise

Display version:
2014.05.03.021147

Uninstall string:
C:\Program Files (x86)\webporpoise\webporpoiseUn.exe OFS_


The file webporpoiseun.exe has been discovered within the following program.

webporpoise  by Yontoo Technology, Inc.
webporpoise is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.
webporpoise.biz/support
80% remove it
 
Powered by Should I Remove It?

Remove webporpoiseun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.