home

6fcd609296154f7f889864.dll

NetCrawl

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module 6fcd609296154f7f889864.dll by NetCrawl has been detected as adware by 30 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
NetCrawl  (signed and verified)

MD5:
fffef63ff9af28643bbb2f80f47bc05c

SHA-1:
2db7128618c36f8243b4fbb763183771304d5e6c

SHA-256:
262be08e956b954d523bcd4da6c9cdbc0596f58291f59bd91c5acc952bb1c264

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/27/2024 4:17:21 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.AQ
737

Agnitum Outpost
Trojan.BPlug
7.1.1

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2015.01.14

Avira AntiVirus
Adware/BrowseFox.apl
7.11.200.132

avast!
Win32:BrowseFox-CH [PUP]
2014.9-150128

AVG
Generic5
2016.0.3215

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15128

Bitdefender
Adware.SwiftBrowse.AQ
1.0.20.140

Clam AntiVirus
Win.Adware.Swiftbrowse-281
0.98/21511

Comodo Security
ApplicUnwnt
20696

Dr.Web
Trojan.BPlug.218
9.0.1.028

Emsisoft Anti-Malware
Adware.SwiftBrowse.AQ
8.15.01.28.12

ESET NOD32
Win64/BrowseFox
9.11005

Fortinet FortiGate
Adware/BrowseFox
1/28/2015

F-Prot
W64/S-03cea31a
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.AQ
11.2015-28-01_4

G Data
Adware.SwiftBrowse.AQ
15.1.24

K7 AntiVirus
Adware
13.191.14625

Kaspersky
not-a-virus:AdWare.Win32.SwiftBrowse
14.0.0.2572

McAfee
Adware-BrowseFox
5600.6871

MicroWorld eScan
Adware.SwiftBrowse.AQ
16.0.0.84

nProtect
Trojan-Clicker/W32.LinkSwift.197408
15.01.13.01

Panda Antivirus
Trj/CI.A
15.01.28.12

Quick Heal
AdWare.Swiftbrowse.r6 (Not a Virus)
1.15.14.00

Reason Heuristics
PUP.Yontoo
15.1.28.12

Rising Antivirus
PE:Trojan.Win32.Generic.175249DE!391268830
23.00.65.15126

Trend Micro House Call
TROJ_GEN.R047C0EJD14
7.2.28

Trend Micro
TROJ_GEN.R047C0EJD14
10.465.28

VIPRE Antivirus
Adware.BrowseFox
36614

Zillya! Antivirus
Adware.Kranet.Win64.4
2.0.0.2033

File size:
192.8 KB (197,408 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\netcrawl\bin\6fcd609296154f7f889864.dll

Digital Signature
Signed by:
NetCrawl

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 3:00:00 AM

Valid to:
4/30/2015 2:59:59 AM

Subject:
CN=NetCrawl, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NetCrawl, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3C05F8D25EB72CD5B6EB863AA0585F70

File PE Metadata
Compilation timestamp:
8/14/2014 9:52:31 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:WP1njdfnYakEYPDXy4VTfFGUTRQJhuK1wpt+xCib6T:WP1RYEYPDXbTfFnTRQJhve2ZmT

Entry address:
0x11648

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 43, 61, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 7C, 24, 18, 55, 48, 8B, EC, 48, 83, EC, 60, 48, 8B, FA, 48, 8B, D9, 48, 8D, 4D, C0, 48, 8D, 15, 75, 00, 01, 00, 41, B8, 40, 00, 00, 00, E8, DA, F4, FF, FF, 48, 8D, 55, 10, 48, 8B, CF, 48, 89, 5D, E8, 48, 89, 7D, F0, E8, B6, DD...
 
[+]

Code size:
128 KB (131,072 bytes)

Remove 6fcd609296154f7f889864.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.