home

{59981518-8b2b-431e-90db-17dacc8cfa86}64.dll

XVRNT

Jotzey

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module {59981518-8b2b-431e-90db-17dacc8cfa86}64.dll, “TODO: <File description>” by Jotzey has been detected as adware by 23 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Jotzey)

Product:
XVRNT

Description:
TODO: <File description>

Version:
4.0.0.1

MD5:
0f68207a0ade8311328d876bbf94f611

SHA-1:
5ccfce2bab672ad4fa2f1bc8cfcd01d42fa2884a

SHA-256:
9de0282629acee505e5e99bb2750f7407f82897179b35f9e58c38e52897b2347

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 11:41:25 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.AD
357

Agnitum Outpost
Trojan.BPlug
7.1.1

AhnLab V3 Security
PUP/Win32.Helper
2014.09.13

Avira AntiVirus
APPL/BrowseFox.Gen
7.11.171.142

avast!
Win32:BrowseFox-EO [PUP]
2014.9-160213

AVG
Generic
2017.0.2835

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.16213

Bitdefender
Adware.SwiftBrowse.AD
1.0.20.220

Clam AntiVirus
Win.Adware.Swiftbrowse-330
0.98/19574

Dr.Web
Trojan.Yontoo.115
9.0.1.044

Emsisoft Anti-Malware
Adware.SwiftBrowse.AD
8.16.02.13.12

ESET NOD32
Win64/BrowseFox.CH potentially unwanted application
10.7.0.302.0

F-Secure
Adware.SwiftBrowse.AD
11.2016-13-02_7

G Data
Adware.SwiftBrowse.AD
16.2.24

IKARUS anti.virus
PUA.BrowseFox
t3scan.1.8.3.0

K7 AntiVirus
Adware
13.187.14319

McAfee
Program.BrowseFox.e
5600.6491

MicroWorld eScan
Adware.SwiftBrowse.AD
17.0.0.132

nProtect
Adware.SwiftBrowse.AD
14.09.07.01

Reason Heuristics
PUP.Yontoo.Jotzey (M)
16.2.13.0

Sophos
Browse Fox
4.98

VIPRE Antivirus
Threat.4741131
32210

Zillya! Antivirus
Adware.SwiftBrowse.Win64.1
2.0.0.1975

File size:
246.8 KB (252,696 bytes)

Product version:
4.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
XTLS.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\jotzey\bin\{59981518-8b2b-431e-90db-17dacc8cfa86}64.dll

Digital Signature
Signed by:
Jotzey

Authority:
VeriSign, Inc.

Valid from:
1/12/2014 2:00:00 AM

Valid to:
1/13/2015 1:59:59 AM

Subject:
CN=Jotzey, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jotzey, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4C7B335D1F24250859B4B5C0085A062C

File PE Metadata
Compilation timestamp:
11/12/2014 4:33:18 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:q+TE5tvWfcYYCPbys36l6TNADGrX3PqvcDcJha:TEWfcYFuFsFqEV

Entry address:
0x19680

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 0F, 60, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 8D, 05, 29, 62, 00, 00, 48, 8D, 0D, 72, 6D, 00, 00, 48, 89, 05, D3, FB, 01, 00, 48, 8D, 05, 04, 62, 00, 00, 48, 89, 0D, BD, FB, 01, 00, 48, 89, 05, C6, FB, 01, 00, 48, 8D, 05, F7, 61, 00, 00, 48, 89, 0D, D0, FB, 01, 00, 48, 89, 05, B9, FB, 01, 00, 48...
 
[+]

Code size:
153.5 KB (157,184 bytes)

Remove {59981518-8b2b-431e-90db-17dacc8cfa86}64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.