home

{30389f51-b968-4243-8e7c-c69cde75ce4d}w.sys

Megabrowse

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file {30389f51-b968-4243-8e7c-c69cde75ce4d}w.sys by Megabrowse has been detected as adware by 30 anti-malware scanners. It runs as a Windows kernel mode device driver named “{30389f51-b968-4243-8e7c-c69cde75ce4d}w”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
StdLib  (signed by Megabrowse)

Product:
StdLib

Version:
1.4.4.6 built by: WinDDK

MD5:
f15140b946807b85999b31bc3eab97dd

SHA-1:
fe582406d44569ebdd7aa392292ad5ac16953330

SHA-256:
9758a7007ac35095607d0fa8dd5e0707a9cd1865c03c310f84d0ce2987571707

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 7:15:23 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.V
356

Agnitum Outpost
PUA.BrowseFox
7.1.1

Avira AntiVirus
Adware/BrowseFox.A.1227
7.11.186.196

avast!
Win32:BrowseFox-DD [PUP]
2014.9-160213

AVG
Megabrowse
2017.0.2834

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.16213

Bitdefender
Adware.BrowseFox.V
1.0.20.220

Clam AntiVirus
Win.Adware.Netfilter-134
0.98/21411

Comodo Security
TrojWare.Win32.AltBrowse.IZZV
20114

Emsisoft Anti-Malware
Adware.BrowseFox.V
8.16.02.13.09

ESET NOD32
Win64/BrowseFox (variant)
10.10737

Fortinet FortiGate
Adware/Yotoon
2/13/2016

F-Prot
W32/A-248e95ab
v6.4.7.1.166

F-Secure
Adware.BrowseFox.V
11.2016-13-02_7

G Data
Adware.BrowseFox
16.2.24

K7 AntiVirus
Trojan
13.185.13888

Kaspersky
not-a-virus:AdWare.Win32.Yotoon
14.0.0.666

McAfee
Artemis!5178FFC87986
5600.6490

MicroWorld eScan
Adware.BrowseFox.V
17.0.0.132

NANO AntiVirus
Riskware.Win32.NetFilter.dgkdox
0.28.6.63474

nProtect
Adware.BrowseFox.V
14.11.17.01

Panda Antivirus
Trj/CI.A
16.02.13.09

Qihoo 360 Security
Win32/Virus.Adware.618
1.0.0.1015

Reason Heuristics
PUP.Yontoo.Megabrowse (M)
16.2.13.21

Sophos
Browse Fox
4.98

Trend Micro House Call
TROJ_GEN.R0C2C0EK214
7.2.44

Trend Micro
TROJ_GEN.R0C2C0EK214
10.465.13

Vba32 AntiVirus
AdWare.Win64.Yotoon
3.12.26.3

VIPRE Antivirus
Yontoo
34874

Zillya! Antivirus
Backdoor.CPEX.Win32.29350
2.0.0.1984

File size:
41.8 KB (42,784 bytes)

Product version:
1.4.4.6

Copyright:
Copyright © 2013 StdLib

Original file name:
StdLib.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\{30389f51-b968-4243-8e7c-c69cde75ce4d}w.sys

Digital Signature
Signed by:
Megabrowse

Authority:
COMODO CA Limited

Valid from:
5/7/2014 1:00:00 AM

Valid to:
5/8/2015 12:59:59 AM

Subject:
CN=Megabrowse, O=Megabrowse, STREET=10620 Treena Street Suite 230, L=San Diego, S=Ca, PostalCode=92131, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0CD194221ED016F035BD7BACA4027DC3

File PE Metadata
Compilation timestamp:
9/22/2014 8:01:51 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:rN0457WBZwpHs63E+X7BIrTsCEziDH+JgrVJddC+H+h:RhUcpH/0+LCf7EziDHhdpy

Entry address:
0xA03E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 20, 70, FF, FF, CC, CC, 94, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CE, A4, 00, 00, E0, 80, 00, 00, B4, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 24, A5, 00, 00, 00, 80, 00, 00, EC, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, A9, 00, 00, 38, 80, 00, 00, C4, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9C, AA, 00, 00, 10, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, A4, 00, 00, 10, A5, 00, 00, E8, A4...
 
[+]

Code size:
28 KB (28,672 bytes)

Driver
Display name:
{30389f51-b968-4243-8e7c-c69cde75ce4d}w

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Remove {30389f51-b968-4243-8e7c-c69cde75ce4d}w.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.