67561acec4434c399e1607f6354b97f2.dll

Box Rock

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module 67561acec4434c399e1607f6354b97f2.dll, “TODO: <File description>” by Box Rock has been detected as adware by 24 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Box Rock)

Description:
TODO: <File description>

Version:
4.0.0.3

MD5:
01a9cbb63a7174aa1932becb7e63bab5

SHA-1:
22851ca270d0f936902d2cda341247bf3cd126bc

SHA-256:
c870cf26e5538c21304af7fbf745a4159a54d588521bf894e8386d6f352bf0e2

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 12:35:35 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.AT | 6498366
Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.206.64
avast! | Win32:BrowseFox-EZ [PUP] | 150101-1
AVG | Generic | 2016.0.3213
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.15131
Bitdefender | Adware.BrowseFox.AT | 1.0.20.155
Clam AntiVirus | Win.Adware.Browsefox-205 | 0.98/21511
Comodo Security | TrojWare.Win32.BrowseFox.FY | 20910
Dr.Web | Trojan.BPlug.891 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.BrowseFox.AT | 9.0.0.4799
ESET NOD32 | Win32/BrowseFox.M potentially unwanted application | 7.0.302.0
F-Prot | W32/S-34ddbcc5 | v6.4.7.1.166
F-Secure | Adware.BrowseFox.AT | 5.13.68
G Data | Adware.BrowseFox.AT | 15.1.25
IKARUS anti.virus | PUA.BrowseFox | t3scan.1.8.6.0
K7 AntiVirus | Unwanted-Program | 13.193.14818
McAfee | Artemis!01A9CBB63A71 | 5600.6869
MicroWorld eScan | Adware.BrowseFox.AT | 16.0.0.93
NANO AntiVirus | Trojan.Win32.BPlug.dmjqza | 0.30.0.65070
nProtect | Adware.BrowseFox.AT | 15.01.30.01
Reason Heuristics | PUP.Yontoo | 15.1.31.7
Vba32 AntiVirus | AdWare.Kranet | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 37128
Zillya! Antivirus | Adware.Agent.Win32.37670 | 2.0.0.2049

File size:
278.7 KB (285,416 bytes)

Product version:
4.0.0.3

Copyright:
TODO: (c) <Company name>. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\box rock\bin\67561acec4434c399e1607f6354b97f2.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 12:00:00 AM

Valid to:
10/2/2015 11:59:59 PM

Subject:
CN=Box Rock, O=Box Rock, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1125198B1C5DF8CC1185255178F1DAFC

File PE Metadata
Compilation timestamp:
1/11/2015 11:51:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:RfcmhLlsosuE23UtV3s7wuBlCwjHdixnibVWajAnP0gQyez6Xjt6AlWEZ7Tfd5nH:RUmhJ/su3UPqXdiPa+0dZOTt6AToEh

Entry address:
0x20437

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A1, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, 2D, 8E, 02, 10, A3, 98, F2, 03, 10, C7, 05, 9C, F2, 03, 10, 23, 85, 02, 10, C7, 05, A0, F2, 03, 10, D7, 84, 02, 10, C7, 05, A4, F2, 03, 10, 10, 85, 02, 10, C7, 05, A8, F2, 03, 10, 79, 84, 02, 10, A3, AC, F2, 03, 10, C7, 05, B0, F2, 03, 10, A5, 8D, 02, 10, C7, 05, B4, F2, 03, 10, 95, 84, 02, 10, C7, 05, B8, F2, 03, 10, F7, 83, 02, 10, C7, 05, BC, F2, 03, 10, 83, 83...
 

Code size:
196 KB (200,704 bytes)
