09d706bab371486b89c2f879485c5d8c.dll

Digi Docket

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module 09d706bab371486b89c2f879485c5d8c.dll, “TODO: <File description>” by Digi Docket, has been detected as adware by 28 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Digi Docket)

Description:
TODO: <File description>

Version:
4.0.0.3

MD5:
58aa2f644050d9ca6d814875673e2a67

SHA-1:
fa93fc0463b58214b9b0daf678501dba2dc27f10

SHA-256:
10a325b51efef0ca050237a75f8d6a2500df00ed5edf209e640348352cbd61a2

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 11:04:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.BrowseFox.BU | 6762526 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.03.06 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.214.42 |
| AVG | Adware AdPlugin.CUI | 2014.0.4257 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1536 |
| Bitdefender | Adware.BrowseFox.BU | 1.0.20.325 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Swiftbrowse-20 | 0.98/21411 |
| Comodo Security | TrojWare.Win32.BrowseFox.FY | 21311 |
| Dr.Web | Trojan.BPlug.891 | 9.0.1.065 |
| Emsisoft Anti-Malware | Adware.BrowseFox.BU | 9.0.0.4799 |
| ESET NOD32 | Win32/BrowseFox.M potentially unwanted application | 9.7.0.302.0 |
| F-Prot | W32/MegaBrowse.A | v6.4.6.5.141 |
| F-Secure | Adware.BrowseFox.BU | 5.13.68 |
| G Data | Adware.BrowseFox.BU | 15.3.25 |
| IKARUS anti.virus | AdWare.BrowseBurst | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.200.15179 |
| McAfee | BrowseFox-FWL | 5600.6835 |
| MicroWorld eScan | Adware.BrowseFox.BU | 16.0.0.195 |
| NANO AntiVirus | Trojan.Win32.BPlug.dmjqza | 0.30.0.296 |
| nProtect | Adware.BrowseFox.BU | 15.03.06.01 |
| Panda Antivirus | Generic Suspicious | 15.03.06.05 |
| Reason Heuristics | PUP.Yontoo | 15.3.6.5 |
| Vba32 AntiVirus | AdWare.Kranet | 3.12.26.3 |
| VIPRE Antivirus | Adware.SearchProtect | 32498 |
| Zillya! Antivirus | Adware.Kranet.Win32.17 | 2.0.0.1900 |

File size:
278.7 KB (285,432 bytes)

Product version:
4.0.0.3

Copyright:
TODO: (c) <Company name>. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\digi docket\bin\09d706bab371486b89c2f879485c5d8c.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/17/2014 1:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=Digi Docket, O=Digi Docket, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B3162550DBA3A8F351A50ABE845DC1C

File PE Metadata
Compilation timestamp:
1/11/2015 12:51:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:PfcmhLlsosuE23UtV3s7wuBlCwjHdixnibVWajAnP0gQyez6Xjt6AlWEZ7Tfd5nR:PUmhJ/su3UPqXdiPa+0dZOTt6AToE

Entry address:
0x20437

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A1, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, 2D, 8E, 02, 10, A3, 98, F2, 03, 10, C7, 05, 9C, F2, 03, 10, 23, 85, 02, 10, C7, 05, A0, F2, 03, 10, D7, 84, 02, 10, C7, 05, A4, F2, 03, 10, 10, 85, 02, 10, C7, 05, A8, F2, 03, 10, 79, 84, 02, 10, A3, AC, F2, 03, 10, C7, 05, B0, F2, 03, 10, A5, 8D, 02, 10, C7, 05, B4, F2, 03, 10, 95, 84, 02, 10, C7, 05, B8, F2, 03, 10, F7, 83, 02, 10, C7, 05, BC, F2, 03, 10, 83, 83...
 

Code size:
196 KB (200,704 bytes)
