{6a0e715f-5cd3-4402-8a39-80497da09315}.dll

WebSize

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module {6a0e715f-5cd3-4402-8a39-80497da09315}.dll, “TODO: <File description>” by WebSize, has been detected as adware by 11 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by WebSize)

Description:
TODO: <File description>

Version:
4.0.0.1

MD5:
d5077fdab2460cdc0e3d4d22b6b94a17

SHA-1:
e622e86f393522ca0437a18ec2c6712d42794b81

SHA-256:
eaf5324f601ac5342f216c92a009c8f363a937181dd6d80043aba7c86ed0d5f4

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/23/2024 11:10:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.197.26 |
| Clam AntiVirus | Win.Adware.Swiftbrowse-729 | 0.98/19819 |
| Dr.Web | Trojan.BPlug.341 | 9.0.1.05190 |
| ESET NOD32 | Win32/BrowseFox (variant) | 8.10912 |
| K7 AntiVirus | Trojan | 13.188.14395 |
| McAfee | Artemis!D5077FDAB246 | 5600.6909 |
| NANO AntiVirus | Trojan.Win32.BPlug.decyqf | 0.28.6.64267 |
| Reason Heuristics | PUP.WebSize.g | 14.12.21.23 |
| Vba32 AntiVirus | AdWare.LinkSwift | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.52986 | 2.0.0.2012 |

File size:
275.7 KB (282,344 bytes)

Product version:
4.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\commonshare\bin\{6a0e715f-5cd3-4402-8a39-80497da09315}.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/4/2014 7:00:00 PM

Valid to:
11/5/2015 6:59:59 PM

Subject:
CN=WebSize, O=WebSize, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3BF641276AFD036CF34AFE5DF331B2A1

File PE Metadata
Compilation timestamp:
12/18/2014 9:25:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:1HcPDC1QB53bZ8EvbsBxrw1mqmHiUE0lQ/m+4uMVDHzt5Rpy7sdMjOSqXnRaHbbx:18PD0Qr18WKJX44lZzt5XAwkOVXUEVq5

Entry address:
0x1FB07

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A0, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, FC, 84, 02, 10, A3, 98, F2, 03, 10, C7, 05, 9C, F2, 03, 10, F2, 7B, 02, 10, C7, 05, A0, F2, 03, 10, A6, 7B, 02, 10, C7, 05, A4, F2, 03, 10, DF, 7B, 02, 10, C7, 05, A8, F2, 03, 10, 48, 7B, 02, 10, A3, AC, F2, 03, 10, C7, 05, B0, F2, 03, 10, 74, 84, 02, 10, C7, 05, B4, F2, 03, 10, 64, 7B, 02, 10, C7, 05, B8, F2, 03, 10, C6, 7A, 02, 10, C7, 05, BC, F2, 03, 10, 52, 7A...
 

Entropy:
6.4908

Code size:
193.5 KB (198,144 bytes)
