{29b136c9-938d-4d3d-8df8-d649d9b74d02}gw.sys
Megabrowse
Part of the Yontoo adware component, a web browser plugin that injects unwanted advertisements into the browser. The file {29b136c9-938d-4d3d-8df8-d649d9b74d02}gw.sys, published by Megabrowse, has been detected as adware by 5 of 68 anti-malware scanners. It is installed as a 64-bit Windows kernel-mode device driver under the service name "{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw" and loaded from C:\Windows\System32\drivers. Because 64-bit Windows only loads signed kernel-mode code, the driver carries a code-signing signature issued to Megabrowse by COMODO (certificate details below); a valid signature therefore says nothing about whether the component is wanted. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on the web pages the user visits.
File name:
{29b136c9-938d-4d3d-8df8-d649d9b74d02}gw.sys
Publisher:
StdLib (signed by Megabrowse)
Version:
1.4.3.1 built by: WinDDK
MD5:
1b1d8b05f13b490380b64fe9323d2974
SHA-1:
0e01526dbcdc0e5fe517820b3699106581b8ed44
SHA-256:
74cc727ec9816f286c7458403b354ce37d792f3db8af1b9c3d579b89efc1c8c4
Scanner detections:
5 / 68
Explanation:
Injects advertising in the web browser in various formats.
Analysis date:
4/26/2024 3:51:30 PM UTC
Scan engine: Detection (engine version)
Baidu Antivirus: Adware.Win32.BrowseFox (4.0.3.14722)
Reason Heuristics: PUP.Megabrowse.l (14.7.22.13)
VIPRE Antivirus: Trojan.Win32.Generic (31316)
File size:
51.3 KB (52,512 bytes)
Copyright:
Copyright © 2013 StdLib
Original file name:
StdLib.sys
File type:
Driver (Win64 SYS)
Language:
English (United States)
Common path:
C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}gw.sys
Authority:
COMODO CA Limited
Valid from:
5/7/2014 2:00:00 AM
Valid to:
5/8/2015 1:59:59 AM
Subject:
CN=Megabrowse, O=Megabrowse, STREET=10620 Treena Street Suite 230, L=San Diego, S=Ca, PostalCode=92131, C=US
Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number:
0CD194221ED016F035BD7BACA4027DC3
CTPH (ssdeep):
768:CIsHpnKHCBSqUPJHKQpkJxpKwT2bcWiJmOtX3g2rp3lnS+H+uz:VsHRKHLJqQpkYwTsiTtXxtzFz
Driver
Display name:
{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw
Type:
Kernel device driver (KernelDriver)
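Host check using the indicators listed above, added here as an example; it is not part of the original listing and not code from Megabrowse or any scanner vendor. It assumes an elevated PowerShell 5.1 or later session on the Windows host under review; the file path, service name, hashes and certificate serial are taken from the listing, everything else (variable names, the list of findings) is the example's own.

```powershell
# Added example, not part of the original listing: checks a Windows host for the
# Megabrowse/Yontoo kernel driver using the indicators on this page.
# Run in an elevated PowerShell (5.1 or later) session on the host under review.

$DriverName  = '{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw'      # service/display name from the listing
$DriverFile  = '{29b136c9-938d-4d3d-8df8-d649d9b74d02}gw.sys'
$DriverPath  = Join-Path $env:SystemRoot "System32\drivers\$DriverFile"
$KnownSha256 = '74cc727ec9816f286c7458403b354ce37d792f3db8af1b9c3d579b89efc1c8c4'
$KnownMd5    = '1b1d8b05f13b490380b64fe9323d2974'
$KnownSerial = '0CD194221ED016F035BD7BACA4027DC3'              # Megabrowse code-signing cert serial

$findings = New-Object System.Collections.Generic.List[string]

# 1. Is the driver file on disk, and does it match the published hashes?
if (Test-Path -LiteralPath $DriverPath -PathType Leaf) {
    $findings.Add("file present: $DriverPath")
    $sha256 = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash.ToLowerInvariant()
    $md5    = (Get-FileHash -LiteralPath $DriverPath -Algorithm MD5).Hash.ToLowerInvariant()
    if ($sha256 -eq $KnownSha256) {
        $findings.Add('SHA-256 matches the listing')
    } elseif ($md5 -eq $KnownMd5) {
        $findings.Add('MD5 matches the listing but SHA-256 does not: treat as tampered or colliding')
    } else {
        $findings.Add("hashes differ from the listing (SHA-256 $sha256): possibly another build, compare ssdeep")
    }

    # 2. Authenticode signature. A valid signature only identifies the signer; it does
    #    not make the driver benign. Compare the signer with the certificate in the listing.
    $sig = Get-AuthenticodeSignature -LiteralPath $DriverPath
    $findings.Add("signature status: $($sig.Status)")
    if ($sig.SignerCertificate) {
        $findings.Add("signer subject: $($sig.SignerCertificate.Subject)")
        if ($sig.SignerCertificate.SerialNumber -ieq $KnownSerial) {
            $findings.Add('signer serial matches the Megabrowse certificate in the listing')
        }
    }
}

# 3. Is the kernel driver registered as a service, and will it start at boot?
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$DriverName"
if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    # Type 1 = kernel driver; Start 0/1/2 = boot/system/automatic, 3 = manual, 4 = disabled
    $findings.Add("service key present: Type=$($svc.Type) Start=$($svc.Start) ImagePath=$($svc.ImagePath)")
}

# 4. Is the driver currently loaded? Win32_SystemDriver.Name is the service name.
$loaded = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object { $_.Name -eq $DriverName }
if ($loaded) {
    $findings.Add("driver state: $($loaded.State) (Started=$($loaded.Started))")
}

if ($findings.Count -eq 0) {
    "No trace of $DriverFile found on this host."
} else {
    $findings
}
```

Two caveats when reading the output: the Megabrowse certificate expired on 5/8/2015, so on a current host the signature status will typically no longer read Valid even for the exact file listed here, and a "Valid" status on a newer build would still only prove who signed it. When the SHA-256 does not match but the service name and path do, compare the file against the CTPH (ssdeep) hash in the listing to see whether it is a near-identical build of the same driver rather than an unrelated file.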