yusetup7.exe

Your Uninstaller! 7

URSoft, Inc.

The application yusetup7.exe, “Your Uninstaller! 7 Setup” by URSoft, has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.

Publisher:
URSoft, Inc.   (signed by URSoft, Inc.)

Product:
Your Uninstaller! 7

Description:
Your Uninstaller! 7 Setup

Version:
7.5.2013.2

MD5:
e2f1564efc77627e3a1f84c853057b1a

SHA-1:
1eef66b41282fe2fa03f5d1e61f94e5078ef3ae0

SHA-256:
a5f2eeda43b4271316f1880cac2e1704a1c4da1cee8c2e826edbaa5d4541c43d

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/19/2024 1:03:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.1624 |
| Bkav FE | W32.Clodd27.Trojan | 1.3.0.4959 |
| Dr.Web | Adware.Babylon.10 | 9.0.1.035 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 10.10489 |
| K7 AntiVirus | Trojan | 13.176.11595 |
| McAfee | Artemis!C58BD0DD45D8 | 5600.6500 |
| NANO AntiVirus | Trojan.Win32.Babylon.csuksh | 0.28.2.62440 |
| Reason Heuristics | PUP.Optional.URSoft.Installer | 16.2.4.1 |
| Trend Micro House Call | TROJ_GEN.F47V0328 | 7.2.35 |

File size:
7.6 MB (7,940,096 bytes)

Product version:
7.5.2013.2

Copyright:
Copyright © 1998-2012 URSoft, Inc.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/5/2012 4:00:00 PM

Valid to:
3/6/2015 3:59:59 PM

Subject:
CN="URSoft, Inc.", O="URSoft, Inc.", STREET=7241 W. Addison, L=Chicago, S=IL, PostalCode=60634, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D52C7CF5E69A633AC3AED0E78F988DC

File PE Metadata
Compilation timestamp:
12/25/2011 1:18:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:lIJ8NWpgGeDIDZp3BFG6UHgC3LXCuGrG8YON7eYu:GJPgMFBFG5HZ3LkG

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, B0, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, B0, D6, 41, 00, B2, 01...
Entropy:
7.9869

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)