SHA256: 2cbf1f3d5ff59a9efa4ec5ae54b58c6451edc08f57f25bc97896de4741315cca
File name: TSULoader
Detection ratio: 31 / 65
Analysis date: 2017-09-08 19:40:37 UTC ( 1 week, 3 days ago )
Antivirus                  Result                                  Update
Antiy-AVL                  GrayWare[AdWare]/Win32.Yotoon.cztw      20170908
Avast                      FileRepMetagen [Adw]                    20170908
AVG                        FileRepMetagen [Adw]                    20170908
Avira (no cloud)           ADWARE/Yontoo.Gen                       20170908
AVware                     Yontoo (v)                              20170906
ClamAV                     Win.Adware.Yontoo-11                    20170908
Comodo                     UnclassifiedMalware                     20170908
Cylance                    Unsafe                                  20170908
DrWeb                      Adware.Plugin.964                       20170908
Endgame                    malicious (moderate confidence)         20170821
ESET-NOD32                 a variant of Win32/Adware.Yontoo.B      20170908
Fortinet                   Riskware/Yontoo                         20170908
GData                      Win32.Application.Agent.WKE0O8          20170908
Ikarus                     AdWare.Yontoo                           20170908
Sophos ML                  heuristic                               20170822
Kaspersky                  not-a-virus:AdWare.Win32.Yotoon.cztw    20170908
Malwarebytes               PUP.Optional.Yontoo                     20170908
McAfee                     Artemis!7FB2E8450FD8                    20170908
McAfee-GW-Edition          Artemis!PUP                             20170908
NANO-Antivirus             Riskware.Win32.Plugin.dtsizc            20170908
Qihoo-360                  Win32/Trojan.845                        20170908
Rising                     Trojan.Generic (cloud:20ZiJrt0MgJ)      20170908
SUPERAntiSpyware           PUP.WebCake/Variant                     20170908
Symantec                   SMG.Heur!gen                            20170908
Tencent                    Win32.Trojan.Multiple.Ammk              20170908
TotalDefense               Win32/Yontoo!generic                    20170908
VIPRE                      Yontoo (v)                              20170908
Webroot                    Pua.Yontoo                              20170908
Yandex                     Adware.Yontoo!wyndF87Yrz8               20170908
Zillya                     Trojan.Agent2.Win32.25364               20170908
ZoneAlarm by Check Point   not-a-virus:AdWare.Win32.Yotoon.cztw    20170908
Engines reporting no detection (signature update date in parentheses):
Ad-Aware (20170908), AegisLab (20170908), AhnLab-V3 (20170908), Alibaba (20170908), ALYac (20170908), Arcabit (20170908), Baidu (20170908), BitDefender (20170908), Bkav (20170908), CAT-QuickHeal (20170908), CMC (20170902), CrowdStrike Falcon (ML) (20170804), Cyren (20170908), Emsisoft (20170908), F-Prot (20170908), F-Secure (20170908), Jiangmin (20170908), K7AntiVirus (20170908), K7GW (20170908), Kingsoft (20170908), MAX (20170908), Microsoft (20170908), eScan (20170908), nProtect (20170908), Palo Alto Networks (Known Signatures) (20170908), Panda (20170908), SentinelOne (Static ML) (20170806), Sophos AV (20170908), Symantec Mobile Insight (20170908), TheHacker (20170907), TrendMicro (20170908), TrendMicro-HouseCall (20170908), Trustlook (20170908), VBA32 (20170907), ViRobot (20170908), WhiteArmor (20170829), Zoner (20170908)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright: Copyright (c) 2011 Yontoo LLC. All rights reserved.
Product: Yontoo
Internal name: TSULoader
File version: 2011.12.22.1124
Description: Installer
Comments: WinNT (x86) Unicode
Signature verification: Certificate out of its validity period

Signers
[+] Yontoo LLC
    Status: This certificate or one of the certificates in the certificate chain is not time valid.
    Issuer: Go Daddy Secure Certification Authority
    Valid from: 8:10 PM 5/9/2011
    Valid to: 8:10 PM 5/9/2012
    Valid usage: Code Signing
    Algorithm: sha1RSA
    Thumbprint: DB1E387268ADBCAF799EDECDC143A6610E96842E
    Serial number: 07 E1 F9 EB CC C1 AC
[+] Go Daddy Secure Certification Authority
    Status: Valid
    Issuer: Go Daddy Class 2 Certification Authority
    Valid from: 2:54 AM 11/16/2006
    Valid to: 2:54 AM 11/16/2026
    Valid usage: All
    Algorithm: sha1RSA
    Thumbprint: 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
    Serial number: 03 01
[+] Go Daddy Class 2 Certification Authority
    Status: Valid
    Issuer: Go Daddy Class 2 Certification Authority
    Valid from: 6:06 PM 6/29/2004
    Valid to: 6:06 PM 6/29/2034
    Valid usage: Server Auth, Client Auth, Email Protection, Code Signing
    Algorithm: sha1RSA
    Thumbprint: 2796BAE63F1801E277261BA0D77770028F20EEE4
    Serial number: 00
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2011-03-11 02:55:32
Entry Point: 0x00001627
Number of sections: 5

PE sections

Overlays
MD5: a68c85e8197ec93309b0ddcf474c2be3
File type: data
Offset: 20480
Size: 793456
Entropy: 8.00
PE imports
GetLastError
HeapFree
CreateFileMappingW
OutputDebugStringW
GetSystemInfo
GetModuleFileNameW
GetVersionExW
GetExitCodeProcess
ExitProcess
GetFileAttributesW
lstrlenW
GetFileSize
SetFileTime
GetCommandLineW
MultiByteToWideChar
DeleteFileW
lstrcatW
GetProcessHeap
lstrcpynW
SetFilePointer
MapViewOfFile
GetModuleHandleA
ReadFile
GetTempPathW
CloseHandle
GetModuleHandleW
UnmapViewOfFile
WriteFile
CreateFileW
Sleep
SetFileAttributesW
HeapAlloc
GetProcAddress
GetCurrentProcessId
ShellExecuteExW
wvsprintfW
MessageBoxW
PeekMessageW
wsprintfW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON: 3
RT_MANIFEST: 1
RT_VERSION: 1
RT_GROUP_ICON: 1

Number of PE resources by language
NEUTRAL: 6
PE resources
Debug information
ExifTool file metadata
WebSite: http://www.yontoo.com
SubsystemVersion: 4.0
Comments: WinNT (x86) Unicode
LinkerVersion: 8.0
ImageVersion: 6.0
FileSubtype: 0
FileVersionNumber: 2011.12.22.1124
Email: support@yontoo.com
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Installer
CharacterSet: Unicode
PackageCode: {DF2C5575-728B-7497-FD36-E6ABB557E578}
InitializedDataSize: 11776
EntryPoint: 0x1627
MIMEType: application/octet-stream
LegalCopyright: Copyright (c) 2011 Yontoo LLC. All rights reserved.
FileVersion: 2011.12.22.1124
TimeStamp: 2011:03:11 03:55:32+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: TSULoader
ProductVersion: 1.10.02
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Yontoo LLC
CodeSize: 7680
ProductName: Yontoo
ProductVersionNumber: 1.10.2.0
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 7fb2e8450fd8fced99d908e11a4b5976
SHA1: 314c9e8ae8f5482a2030b8862aeb0d12743dd0bc
SHA256: 2cbf1f3d5ff59a9efa4ec5ae54b58c6451edc08f57f25bc97896de4741315cca
ssdeep: 24576:gbfU+CBulfOTubNrKSkMl74yltDPkQdizG+d:d7By6uZK3qtDBkh
authentihash: 2edecfca3e93005e4b2bc74034fc152733c741119c790d6204594e38c0d9f29f
imphash: 37d42aa1fd7036e753cffeb6674fd69d
File size: 794.9 KB ( 813936 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.9%)
      Generic Win/DOS Executable (23.5%)
      DOS Executable Generic (23.5%)
Tags: peexe signed overlay

VirusTotal metadata
First submission: 2012-01-03 15:02:55 UTC ( 5 years, 8 months ago )
Last submission: 2012-11-14 21:29:37 UTC ( 4 years, 10 months ago )
File names:
    YontooSetup.exe
    TSULoader
    876413897FB86B3219226E977504DD12 - YontooSetup.exe
    314c9e8ae8f5482a2030b8862aeb0d12743dd0bc.bin
    29D66764706833A86BB30C95B6E41C0009DC5E4E.exe
    13264743283857636969
    314C9E8AE8F5482A2030B8862AEB0D12743DD0BC
Advanced heuristic and reputation engines
ClamAV: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation: Suspicious.Insight