» 0ca298513273497eb859b648c9a6fe3a64.dll
Overview
Analysis
File Details

0ca298513273497eb859b648c9a6fe3a64.dll

Jump Flip

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module 0ca298513273497eb859b648c9a6fe3a64.dll, “TODO: <File description>” by Jump Flip has been detected as adware by 21 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

TODO: <Company name> (signed by Jump Flip)

Description:

TODO: <File description>

Version:

4.0.0.3

MD5:

23cb80d022a799b50f51793104b98d69

SHA-1:

71b47f4b3619e7f1efabdc48f0af480ecb05717f

SHA-256:

70c6ee66b731f419024eeba44d18d4f21a68bcb47fd31cac4bcd3e1059236b97

Scanner detections:

21 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/24/2024 10:39:06 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.BrowseFox.BJ

6395812

Agnitum Outpost

Trojan.Yontoo

7.1.1

AhnLab V3 Security

PUP/Win32.BrowseFox

2015.02.14

Avira AntiVirus

ADWARE/BrowseFox.Gen

7.11.210.34

avast!

Win32:BrowseFox-DZ [PUP]

150203-1

AVG

Adware Generic_r.YI

2014.0.4257

Baidu Antivirus

Adware.Win64.BrowseFox

4.0.3.15213

Bitdefender

Adware.BrowseFox.BJ

1.0.20.220

Clam AntiVirus

Win.Adware.Browsefox-227

0.98/21511

Dr.Web

Trojan.Yontoo.495

9.0.1.05190

Emsisoft Anti-Malware

Adware.BrowseFox.BJ

9.0.0.4799

ESET NOD32

Win64/BrowseFox.CK potentially unwanted application

7.0.302.0

F-Prot

W64/S-2a38df27

v6.4.7.1.166

F-Secure

Adware.BrowseFox.BJ

5.13.68

G Data

Adware.BrowseFox.BJ

15.2.25

IKARUS anti.virus

AdWare.BrowseFox

t3scan.1.8.6.0

MicroWorld eScan

Adware.BrowseFox.BJ

16.0.0.132

nProtect

Adware.BrowseFox.BJ

15.02.13.01

Reason Heuristics

PUP.Yontoo

15.2.13.9

VIPRE Antivirus

Threat.4150696

36694

Zillya! Antivirus

Backdoor.PePatch.Win32.62045

2.0.0.2066

File size:

250.8 KB (256,800 bytes)

Product version:

4.0.0.3

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\jump flip\bin\0ca298513273497eb859b648c9a6fe3a64.dll

Digital Signature

Signed by:

Jump Flip

Authority:

VeriSign, Inc.

Valid from:

8/22/2013 8:00:00 AM

Valid to:

8/23/2015 7:59:59 AM

Subject:

CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

144CF0B61216826C7F439B5C91A6ABD6

Registration

CLSID:

{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

1/11/2015 7:51:28 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:Yr72S8iPKc/27KjT/ZwnNBTVOTBBUy3wqqwkMsO:672+Kc/XjT6jGAqqw

Entry address:

0x1A090

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 2F, 60, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 8D, 05, 49, 62, 00, 00, 48, 8D, 0D, 92, 6D, 00, 00, 48, 89, 05, C3, 01, 02, 00, 48, 8D, 05, 24, 62, 00, 00, 48, 89, 0D, AD, 01, 02, 00, 48, 89, 05, B6, 01, 02, 00, 48, 8D, 05, 17, 62, 00, 00, 48, 89, 0D, C0, 01, 02, 00, 48, 89, 05, A9, 01, 02, 00, 48... 
[+]

Entropy:

6.0650

Code size:

156.5 KB (160,256 bytes)

Remove 0ca298513273497eb859b648c9a6fe3a64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.