home

{2b4fc5ce-fd26-493c-97d3-e808aab73013}64.dll

XVRNT

Swift Browse

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module {2b4fc5ce-fd26-493c-97d3-e808aab73013}64.dll, “TODO: <File description>” by Swift Browse has been detected as adware by 28 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Swift Browse)

Product:
XVRNT

Description:
TODO: <File description>

Version:
4.0.0.1

MD5:
644fbd4a5bd3ead5bce1292d75fd2c7d

SHA-1:
3d4c0a4fbfa4d37e0438a82ba43d7b609faaa112

SHA-256:
f22fc9b538f5016b39aa81851e8f6ced157bd7261e843d54c7e5d0f1a4c93fad

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 11:28:32 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.BQ
355

Agnitum Outpost
Trojan.BPlug
7.1.1

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2014.11.20

Avira AntiVirus
ADWARE/BrowseFox.Gen
7.11.187.160

avast!
Win32:BrowseFox-GV [PUP]
2014.9-160215

AVG
Generic
2017.0.2833

Baidu Antivirus
Adware.Win64.BrowseFox
4.0.3.16215

Bitdefender
Adware.SwiftBrowse.AD
1.0.20.230

Clam AntiVirus
Win.Adware.Swiftbrowse-732
0.98/19654

Dr.Web
Trojan.Yontoo.115
9.0.1.046

Emsisoft Anti-Malware
Adware.BrowseFox.BQ
8.16.02.15.01

ESET NOD32
Win64/BrowseFox.CH potentially unwanted application
10.7.0.302.0

F-Prot
W64/S-2db0ff0c
v6.4.7.1.166

F-Secure
Adware.BrowseFox.BQ
11.2016-15-02_2

G Data
Adware.SwiftBrowse.AD
16.2.24

K7 AntiVirus
Trojan
13.185.14071

Malwarebytes
PUP.Optional.SwiftBrowse.A
v2016.02.15.01

McAfee
BrowseFox.e
5600.6489

MicroWorld eScan
Adware.SwiftBrowse.AD
17.0.0.138

nProtect
Adware.SwiftBrowse.AD
14.09.07.01

Quick Heal
Adware.Yotoon.A7
2.16.14.00

Reason Heuristics
PUP.Yontoo.SwiftBrowse (M)
16.2.15.1

Sophos
PUA 'Browse Fox'
5.11

SUPERAntiSpyware
Adware.BrowseFox/Variant
9323

Trend Micro House Call
TROJ_GEN.R0C1C0OA415
7.2.46

Trend Micro
TROJ_GEN.R0C1C0OA415
10.465.15

VIPRE Antivirus
Threat.4734384
34948

Zillya! Antivirus
Adware.SwiftBrowse.Win64.1
2.0.0.1953

File size:
246.8 KB (252,704 bytes)

Product version:
4.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
XTLS.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\swift browse\bin\{2b4fc5ce-fd26-493c-97d3-e808aab73013}64.dll

Digital Signature
Signed by:
Swift Browse

Authority:
VeriSign, Inc.

Valid from:
8/12/2013 7:00:00 AM

Valid to:
8/13/2015 6:59:59 AM

Subject:
CN=Swift Browse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Swift Browse, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0C04BB052D64E706C8E17099AEDEA639

File PE Metadata
Compilation timestamp:
11/12/2014 9:33:18 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Y+TE5tvWfcYYCPbys36l6TNADGrX3PqvcDcJh1:JEWfcYFuFsFqEa

Entry address:
0x19680

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 0F, 60, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 8D, 05, 29, 62, 00, 00, 48, 8D, 0D, 72, 6D, 00, 00, 48, 89, 05, D3, FB, 01, 00, 48, 8D, 05, 04, 62, 00, 00, 48, 89, 0D, BD, FB, 01, 00, 48, 89, 05, C6, FB, 01, 00, 48, 8D, 05, F7, 61, 00, 00, 48, 89, 0D, D0, FB, 01, 00, 48, 89, 05, B9, FB, 01, 00, 48...
 
[+]

Code size:
153.5 KB (157,184 bytes)

Remove {2b4fc5ce-fd26-493c-97d3-e808aab73013}64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.