uninstaller.exe

Deals Avenue

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application uninstaller.exe by Deals Avenue has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program Deals Avenue by Deals Avenue.
Publisher:
Deals Avenue  (signed and verified)

Version:
2.0.5640.6664

MD5:
051b29c0c5b3d00597db104666d8a271

SHA-1:
167c7a5f8330bb7d33eec1f1b7740b1efcd1dbfd

SHA-256:
087ce99b7e918a96f71800c3cc089697d5c780070a6759fa49a09df2457e92aa

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
9/27/2020 6:15:18 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.2.27.1

File size:
305.5 KB (312,832 bytes)

Product version:
2015.06.11

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\deals avenue\uninstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/24/2015 12:00:00 PM

Valid to:
3/24/2016 11:59:59 AM

Subject:
CN=Deals Avenue, O=Deals Avenue, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
648733A3F72E1C21B8C14F513D0F4F45

File PE Metadata
Compilation timestamp:
6/4/2014 11:58:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x31E4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 6C, 44, 00, E8, 1B, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 6B, 44, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, 2B, 44, 00, E8, 0D, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, F0, 46, 00, 57, E8, FB, 23, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Program Uninstaller
Program name:
Deals Avenue

Display publisher:
Deals Avenue

Display version:
2.0.5640.6664

Uninstall string:
"C:\Program Files\Deals Avenue\uninstaller.exe"

