SHA256: 2cbf1f3d5ff59a9efa4ec5ae54b58c6451edc08f57f25bc97896de4741315cca
File name: 876413897FB86B3219226E977504DD12 - YontooSetup.exe
Detection ratio: 5 / 44
Analysis date: 2012-11-14 21:29:37 UTC ( 1 year, 5 months ago )
Antivirus              Result (blank = not detected)         Update
AntiVir                Adware/Yontoo.E.1                     20121114
Comodo                 UnclassifiedMalware                   20121114
DrWeb                  Adware.Plugin.11                      20121114
ESET-NOD32             a variant of Win32/Adware.Yontoo.B    20121114
VIPRE                  Yontoo (v)                            20121114
AVG                                                          20121114
Agnitum                                                      20121114
AhnLab-V3                                                    20121114
Antiy-AVL                                                    20121113
Avast                                                        20121114
BitDefender                                                  20121114
ByteHero                                                     20121110
CAT-QuickHeal                                                20121114
ClamAV                                                       20121114
Commtouch                                                    20121114
Emsisoft                                                     20121114
F-Prot                                                       20121114
F-Secure                                                     20121114
Fortinet                                                     20121114
GData                                                        20121114
Ikarus                                                       20121114
Jiangmin                                                     20121114
K7AntiVirus                                                  20121114
Kaspersky                                                    20121114
Kingsoft                                                     20121112
McAfee                                                       20121114
McAfee-GW-Edition                                            20121114
MicroWorld-eScan                                             20121114
Microsoft                                                    20121114
Norman                                                       20121114
PCTools                                                      20121114
Panda                                                        20121114
Rising                                                       20121114
SUPERAntiSpyware                                             20121114
Sophos                                                       20121114
Symantec                                                     20121114
TheHacker                                                    20121113
TotalDefense                                                 20121114
TrendMicro                                                   20121114
TrendMicro-HouseCall                                         20121114
VBA32                                                        20121114
ViRobot                                                      20121114
eSafe                                                        20121112
nProtect                                                     20121114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (c) 2011 Yontoo LLC. All rights reserved.
Publisher Yontoo LLC
Product Yontoo
Internal name TSULoader
File version 2011.12.22.1124
Description Installer
Comments WinNT (x86) Unicode
Signing date 3:22 AM 2/5/2012
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-11 02:55:32
Entry Point 0x00001627
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
CreateFileMappingW
OutputDebugStringW
GetSystemInfo
GetModuleFileNameW
GetVersionExW
GetExitCodeProcess
ExitProcess
GetFileAttributesW
lstrlenW
GetFileSize
SetFileTime
GetCommandLineW
MultiByteToWideChar
DeleteFileW
lstrcatW
GetProcessHeap
lstrcpynW
SetFilePointer
MapViewOfFile
GetModuleHandleA
ReadFile
GetTempPathW
CloseHandle
GetModuleHandleW
UnmapViewOfFile
WriteFile
CreateFileW
Sleep
SetFileAttributesW
HeapAlloc
GetProcAddress
GetCurrentProcessId
ShellExecuteExW
wvsprintfW
MessageBoxW
PeekMessageW
wsprintfW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
ExifTool file metadata
SubsystemVersion 4.0
Comments WinNT (x86) Unicode
LinkerVersion 8.0
Loader n'PackageCode
ImageVersion 6.0
ProductName Yontoo
FileVersionNumber 2011.12.22.1124
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11776
MIMEType application/octet-stream
FileVersion 2011.12.22.1124
TimeStamp 2011:03:11 02:55:32+00:00
FileType Win32 EXE
PEType PE32
FileDescription Installer
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Yontoo LLC
CodeSize 7680
FileSubtype 0
ProductVersionNumber 1.10.2.0
EntryPoint 0x1627
ObjectFileType Executable application
File identification
MD5 7fb2e8450fd8fced99d908e11a4b5976
SHA1 314c9e8ae8f5482a2030b8862aeb0d12743dd0bc
SHA256 2cbf1f3d5ff59a9efa4ec5ae54b58c6451edc08f57f25bc97896de4741315cca
ssdeep 24576:gbfU+CBulfOTubNrKSkMl74yltDPkQdizG+d:d7By6uZK3qtDBkh
File size 794.9 KB ( 813936 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe signed
VirusTotal metadata
First submission 2012-01-03 15:02:55 UTC ( 2 years, 3 months ago )
Last submission 2012-11-14 21:29:37 UTC ( 1 year, 5 months ago )
File names YontooSetup.exe
876413897FB86B3219226E977504DD12 - YontooSetup.exe
TSULoader
314c9e8ae8f5482a2030b8862aeb0d12743dd0bc.bin
29D66764706833A86BB30C95B6E41C0009DC5E4E.exe
13264743283857636969
314C9E8AE8F5482A2030B8862AEB0D12743DD0BC
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight