{2ecad685-1644-4a6c-a1ca-055e8d6442fb}.dll

XVRNT

Lemurleap

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module {2ecad685-1644-4a6c-a1ca-055e8d6442fb}.dll, “TODO: <File description>” by Lemurleap has been detected as adware by 33 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Lemurleap)

Product:
XVRNT

Description:
TODO: <File description>

Version:
2.1.0.2

MD5:
ea35657b0331811aa9e5928054f01b7e

SHA-1:
949dfe823d8c130be5d2544aed8db15ff479fcd1

SHA-256:
b85d2a6c8f9375b86e9241b30317404be46fd041ed46a77cb799127cdf9382ff

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/16/2017 2:51:49 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
911

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.BHO
2014.07.31

Antiy Labs AVL
GrayWare[AdWare:not-a-virus]/Win32.Agent
0.1.0.1

AVG
Lemurleap
2015.0.3447

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14610

Bitdefender
1.0.20.1095

Clam AntiVirus
Win.Adware.Swiftbrowse-20
0.98/21411

Dr.Web
Trojan.BPlug.78
9.0.1.05190

Emsisoft Anti-Malware
8.14.08.07.09

ESET NOD32
Win32/BrowseFox.K potentially unwanted application
7.0.302.0

Fortinet FortiGate
Adware/LinkSwift
8/7/2014

F-Prot
W32/MegaBrowse.A
4.6.5.141

F-Secure
11.2014-07-08_5

G Data
Adware.SwiftBrowse
14.8.24

IKARUS anti.virus
AdWare.SwiftBrowse
t3scan.1.6.1.0

Jiangmin
Adware/Agent.knu
KV140610

K7 Gateway Antivirus
Trojan
13.181.12846

Kaspersky
not-a-virus:AdWare.Win32.LinkSwift
14.0.0.3441

Kingsoft AntiVirus
Win32.Troj.LinkSwift.a.(kcloud)
331020.49267

McAfee
Artemis!CCC839D94A13
5600.7045

McAfee Web Gateway
Artemis!CCC839D94A13
7.7045

MicroWorld eScan
15.0.0.657

NANO AntiVirus
Riskware.Win32.Yotoon.dcxhdu
0.28.2.61148

nProtect
14.06.22.01

Panda Antivirus
Trj/CI.A
14.08.07.09

Qihoo 360 Security
HEUR/Malware.QVM30.Gen
1.0.0.1015

Reason Heuristics
PUP.Lemurleap.g
14.8.7.21

Sophos
Generic PUA MM
4.98

Trend Micro House Call
Suspicious_GEN.F47V0701
7.2.219

Vba32 AntiVirus
AdWare.Agent
3.12.26.0

VIPRE Antivirus
Threat.4150696
30086

Zillya! Antivirus
Adware.SwiftBrowse.Win32.7
2.0.0.1828

File size:
288.9 KB (295,848 bytes)

Product version:
2.1.0.2

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
XTLS.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\lemurleap\bin\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/7/2014 2:00:00 AM

Valid to:
5/8/2015 1:59:59 AM

Subject:
CN=Lemurleap, O=Lemurleap, STREET=10620 Treena Street Suite 230, L=San Diego, S=Ca, PostalCode=92131, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
015F3E368C995EC152965B1AABC50D9E

Registration
CLSID:
{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/30/2014 1:20:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:FMIwkOaVc3OotsrAEM2kVUFxXYNO0A/LKJeeJnXVL2TjXOCbq2xqoIfTean8S75z:FMIwk72laQGW/spGXV2GCbqZoIfhVHh

Entry address:
0x21C37

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, CB, 84, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, 57, AC, 02, 10, A3, 88, 23, 04, 10, C7, 05, 8C, 23, 04, 10, 4D, A3, 02, 10, C7, 05, 90, 23, 04, 10, 01, A3, 02, 10, C7, 05, 94, 23, 04, 10, 3A, A3, 02, 10, C7, 05, 98, 23, 04, 10, A3, A2, 02, 10, A3, 9C, 23, 04, 10, C7, 05, A0, 23, 04, 10, CF, AB, 02, 10, C7, 05, A4, 23, 04, 10, BF, A2, 02, 10, C7, 05, A8, 23, 04, 10, 21, A2, 02, 10, C7, 05, AC, 23, 04, 10, AD, A1...
 
[+]

Entropy:
6.5025

Code size:
204 KB (208,896 bytes)

Remove {2ecad685-1644-4a6c-a1ca-055e8d6442fb}.dll - Powered by Reason Core Security