{6ccfd995-07be-49cf-8ad6-1422dc08761a}w.sys

snipsmart

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The file {6ccfd995-07be-49cf-8ad6-1422dc08761a}w.sys by snipsmart has been detected as adware by 35 anti-malware scanners. It runs as a Windows kernel mode device driver named “{6ccfd995-07be-49cf-8ad6-1422dc08761a}w”. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
StdLib  (signed by snipsmart)

Product:
StdLib

Version:
1.4.4.6 built by: WinDDK

MD5:
626d6effd2320658c25873796bc40e71

SHA-1:
6d30bb7d507fcfeef7dc2ae4a3711e84fe25e71f

SHA-256:
e1dcbf05d5efe49f0d50f195bb236350e9d08a3ed90353bb9e524bea8cd4498a

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/18/2024 10:17:59 PM UTC

Scan engine             Detection                                 Engine version
Lavasoft Ad-Aware       Adware.BrowseFox.V                        435
Agnitum Outpost         PUA.BrowseFox                             7.1.1
AhnLab V3 Security      PUP/Win32.BrowseFox                       2015.06.15
Avira AntiVirus         Adware/BrowseFox.A.1227                   7.11.182.18
avast!                  Win32:BrowseFox-EV [PUP]                  2014.9-151126
AVG                     Generic                                   2016.0.2913
Baidu Antivirus         Adware.Win64.BrowseFox                    4.0.3.151126
Bitdefender             Adware.BrowseFox.V                        1.0.20.1650
Bkav FE                 W32.HfsAdware                             1.3.0.6379
Clam AntiVirus          Win.Adware.Netfilter-134                  0.98/21411
Comodo Security         Application.Win32.RiskWare.NetFilter.D    22450
Dr.Web                  Tool.NetFilter.313                        9.0.1.0330
Emsisoft Anti-Malware   Adware.BrowseFox.V                        8.15.11.26.09
ESET NOD32              Win64/BrowseFox.AG (variant)              9.10636
Fortinet FortiGate      Adware/Yotoon                             11/26/2015
F-Prot                  W32/A-248e95ab                            v6.4.7.1.166
F-Secure                Adware.BrowseFox.V                        11.2015-26-11_5
G Data                  Adware.BrowseFox                          15.11.24
IKARUS anti.virus       AdWare.SwiftBrowse                        t3scan.1.7.5.0
K7 AntiVirus            Unwanted-Program                          13.205.16237
Kaspersky               not-a-virus:AdWare.Win32.Yotoon           14.0.0.1061
Malwarebytes            PUP.Optional.SnipSmart.A                  v2015.11.26.09
McAfee                  Artemis!DA5A9CBFA847                      5600.6569
MicroWorld eScan        Adware.BrowseFox.V                        16.0.0.990
NANO AntiVirus          Riskware.Win32.NetFilter.dgkdox           0.28.6.62995
Norman                  Adware.BrowseFox.V                        11.20151126
nProtect                Adware.BrowseFox.V                        14.11.14.01
Panda Antivirus         Generic Suspicious                        15.11.26.09
Qihoo 360 Security      Win32/Virus.Adware.c12                    1.0.0.1015
Reason Heuristics       PUP.Yontoo.snipsmart (M)                  15.11.26.21
Sophos                  Browse Fox                                4.98
Trend Micro House Call  Suspicious_GEN.F47V0801                   7.2.330
Vba32 AntiVirus         AdWare.Win64.Yotoon                       3.12.26.3
VIPRE Antivirus         Trojan.Win32.Generic                      34334
Zillya! Antivirus       Backdoor.CPEX.Win32.29350                 2.0.0.1972

File size:
42.1 KB (43,152 bytes)

Product version:
1.4.4.6

Copyright:
Copyright © 2013 StdLib

Original file name:
StdLib.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}w.sys

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/5/2014 3:00:00 AM

Valid to:
8/6/2015 2:59:59 AM

Subject:
CN=snipsmart, O=snipsmart, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44017A0654590E4048857CE5A4A44F1A

File PE Metadata
Compilation timestamp:
9/22/2014 10:01:51 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:yN0457WBZwpHs63E+X7BIrTsCEziDH+JgrVJdd3liAUW:mhUcpH/0+LCf7EziDHhd7iAUW

Entry address:
0xA03E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 20, 70, FF, FF, CC, CC, 94, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CE, A4, 00, 00, E0, 80, 00, 00, B4, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 24, A5, 00, 00, 00, 80, 00, 00, EC, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, A9, 00, 00, 38, 80, 00, 00, C4, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9C, AA, 00, 00, 10, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, A4, 00, 00, 10, A5, 00, 00, E8, A4...

Entropy:
6.6155

Code size:
28 KB (28,672 bytes)

Driver
Display name:
{6ccfd995-07be-49cf-8ad6-1422dc08761a}w

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Remove {6ccfd995-07be-49cf-8ad6-1422dc08761a}w.sys - Powered by Reason Core Security