a55667f1a3194629a8b6a68d9d3313ee.dll

Clock Hand

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module a55667f1a3194629a8b6a68d9d3313ee.dll, “TODO: <File description>” by Clock Hand has been detected as adware by 27 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Clock Hand)

Description:
TODO: <File description>

Version:
4.0.0.3

MD5:
d4478c7010be17d8387d9b9de0a7ed25

SHA-1:
ca77aa67edaa94632228dd03f37b59308f3c8a19

SHA-256:
33c8b7233e758cdf1826937a3d75fdcc12c9f9c862571f330ffa5c4b3ca09260

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 4:06:12 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.BU | 701
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.03.06
Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.214.34
AVG | AdPlugin | 2016.0.3179
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1535
Bitdefender | Adware.BrowseFox.BU | 1.0.20.320
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Browsefox-205 | 0.98/20051
Comodo Security | TrojWare.Win32.BrowseFox.FY | 21306
Dr.Web | Trojan.BPlug.891 | 9.0.1.064
Emsisoft Anti-Malware | Adware.BrowseFox.BU | 8.15.03.05.07
ESET NOD32 | Win32/BrowseFox.M potentially unwanted application | 9.7.0.302.0
F-Prot | W32/S-c20eddc6 | v6.4.7.1.166
F-Secure | Adware.BrowseFox.BU | 11.2015-05-03_5
G Data | Adware.BrowseFox.BU | 15.3.25
K7 AntiVirus | Unwanted-Program | 13.200.15176
McAfee | Program.BrowseFox-FWL | 16.8.708.2
MicroWorld eScan | Adware.BrowseFox.BU | 16.0.0.192
NANO AntiVirus | Trojan.Win32.BPlug.dmjqza | 0.30.0.296
nProtect | Adware.BrowseFox.BU | 15.02.10.01
Panda Antivirus | Generic Suspicious | 15.03.05.07
Reason Heuristics | PUP.Yontoo | 15.3.5.19
Vba32 AntiVirus | AdWare.Kranet | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 36694
Zillya! Antivirus | Adware.Agent.Win32.37670 | 2.0.0.2061

File size:
278.7 KB (285,424 bytes)

Product version:
4.0.0.3

Copyright:
TODO: (c) <Company name>. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\clock hand\bin\a55667f1a3194629a8b6a68d9d3313ee.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/11/2015 1:00:00 AM

Valid to:
1/12/2016 12:59:59 AM

Subject:
CN=Clock Hand, O=Clock Hand, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
456A42223C623741F26F18A9D4223E47

File PE Metadata
Compilation timestamp:
1/11/2015 12:51:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4UmhJ/su3UPqXdiPa+0dZOTt6AToEVfR4:TQ0/Pqgi+0dZOTTPVf2

Entry address:
0x20437

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A1, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, 2D, 8E, 02, 10, A3, 98, F2, 03, 10, C7, 05, 9C, F2, 03, 10, 23, 85, 02, 10, C7, 05, A0, F2, 03, 10, D7, 84, 02, 10, C7, 05, A4, F2, 03, 10, 10, 85, 02, 10, C7, 05, A8, F2, 03, 10, 79, 84, 02, 10, A3, AC, F2, 03, 10, C7, 05, B0, F2, 03, 10, A5, 8D, 02, 10, C7, 05, B4, F2, 03, 10, 95, 84, 02, 10, C7, 05, B8, F2, 03, 10, F7, 83, 02, 10, C7, 05, BC, F2, 03, 10, 83, 83...
 

Code size:
196 KB (200,704 bytes)
