home

{8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w.sys

Framed Display

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file {8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w.sys by Framed Display has been detected as adware by 25 anti-malware scanners. It runs as a Windows kernel mode device driver named “{8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
StdLib  (signed by Framed Display)

Product:
StdLib

Version:
1.4.4.6 built by: WinDDK

MD5:
636551c4af6e35cca926fd367d95ffd5

SHA-1:
422854b43ae47dc17b5459ecd1288ec39edbc2ad

SHA-256:
c1648f3bed6edf24094c51b29e97f83cacfd87ff3a1afc8eb62bb1a172bfe9dd

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 9:34:25 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.V
799

Agnitum Outpost
PUA.BrowseFox
7.1.1

Avira AntiVirus
Adware/BrowseFox.A.1227
7.11.184.22

AVG
Generic
2015.0.3277

Baidu Antivirus
Adware.Win64.BrowseFox
4.0.3.141128

Bitdefender
Adware.BrowseFox.V
1.0.20.1660

Bkav FE
W32.YotoonHV.Trojan
1.3.0.4959

Clam AntiVirus
Win.Adware.Netfilter-134
0.98/21411

Comodo Security
TrojWare.Win32.AltBrowse.IZZV
20049

Dr.Web
Tool.NetFilter.313
9.0.1.0332

Emsisoft Anti-Malware
Adware.BrowseFox.V
8.14.11.28.03

ESET NOD32
Win64/BrowseFox (variant)
8.10704

F-Prot
W32/A-76f53fd6
v6.4.7.1.166

F-Secure
Adware.BrowseFox.V
11.2014-28-11_6

G Data
Adware.BrowseFox
14.11.24

McAfee
Artemis!636551C4AF6E
5600.6933

MicroWorld eScan
Adware.BrowseFox.V
15.0.0.996

NANO AntiVirus
Riskware.Win32.NetFilter.dgkdox
0.28.6.62995

nProtect
Adware.BrowseFox.V
14.11.10.01

Qihoo 360 Security
Win32/Virus.Adware.618
1.0.0.1015

Reason Heuristics
PUP.FramedDisplay.k
14.11.28.3

Sophos
Generic PUA EC
4.98

Vba32 AntiVirus
AdWare.Win64.Yotoon
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34698

Zillya! Antivirus
Backdoor.CPEX.Win32.29350
2.0.0.1980

File size:
42.1 KB (43,160 bytes)

Product version:
1.4.4.6

Copyright:
Copyright © 2013 StdLib

Original file name:
StdLib.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\{8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w.sys

Digital Signature
Signed by:
Framed Display

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 4:30:00 AM

Valid to:
9/3/2015 4:29:59 AM

Subject:
CN=Framed Display, O=Framed Display, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D3806B0A949749DBCBC82C1D4C58407

File PE Metadata
Compilation timestamp:
11/7/2014 9:01:49 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:jN0457WBZwpHs63E+X7BIrTsCEziDH+JgrVJdddJ:phUcpH/0+LCf7EziDHhdJ

Entry address:
0xA03E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 20, 70, FF, FF, CC, CC, 94, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CE, A4, 00, 00, E0, 80, 00, 00, B4, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 24, A5, 00, 00, 00, 80, 00, 00, EC, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, A9, 00, 00, 38, 80, 00, 00, C4, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9C, AA, 00, 00, 10, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, A4, 00, 00, 10, A5, 00, 00, E8, A4...
 
[+]

Entropy:
6.6138

Code size:
28 KB (28,672 bytes)

Driver
Display name:
{8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Remove {8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.