aba4e778dd254faab02e0b39ca3812a0.dll

Box Rock

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module aba4e778dd254faab02e0b39ca3812a0.dll, “TODO: <File description>” by Box Rock, has been detected as adware by 23 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Box Rock)

Description:
TODO: <File description>

Version:
4.0.0.3

MD5:
6b2144cdef3a150aa6fe38edb5681294

SHA-1:
c4e7b03094d6a1aef55c4d8fc3c31b06a7a8bc96

SHA-256:
c2a14735ec465dad7164308776edd5d235a8c6671be90dfebe638c57b935d341

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 4:13:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.BrowseFox.AT | 6496598 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.206.62 |
| avast! | Win32:BrowseFox-EZ [PUP] | 150129-1 |
| AVG | Generic | 2016.0.3213 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.15131 |
| Bitdefender | Adware.BrowseFox.AT | 1.0.20.155 |
| Clam AntiVirus | Win.Adware.Browsefox-205 | 0.98/20008 |
| Comodo Security | TrojWare.Win32.BrowseFox.FY | 20910 |
| Dr.Web | Trojan.BPlug.891 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.BrowseFox.AT | 9.0.0.4799 |
| ESET NOD32 | Win32/BrowseFox.M potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-34ddbcc5 | v6.4.7.1.166 |
| F-Secure | Adware.BrowseFox.AT | 5.13.68 |
| G Data | Adware.BrowseFox.AT | 15.1.25 |
| IKARUS anti.virus | PUA.BrowseFox | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14818 |
| MicroWorld eScan | Adware.BrowseFox.AT | 16.0.0.93 |
| NANO AntiVirus | Trojan.Win32.BPlug.dmjqza | 0.30.0.65070 |
| nProtect | Adware.BrowseFox.AT | 15.01.30.01 |
| Reason Heuristics | PUP.Yontoo | 15.1.31.7 |
| Vba32 AntiVirus | AdWare.Kranet | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 36694 |
| Zillya! Antivirus | Adware.Agent.Win32.37670 | 2.0.0.2049 |

File size:
278.7 KB (285,416 bytes)

Product version:
4.0.0.3

Copyright:
TODO: (c) <Company name>. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\box rock\bin\aba4e778dd254faab02e0b39ca3812a0.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 12:00:00 AM

Valid to:
10/2/2015 11:59:59 PM

Subject:
CN=Box Rock, O=Box Rock, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1125198B1C5DF8CC1185255178F1DAFC

Registration
CLSID:
{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/11/2015 11:51:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:yfcmhLlsosuE23UtV3s7wuBlCwjHdixnibVWajAnP0gQyez6Xjt6AlWEZ7Tfd5nY:yUmhJ/su3UPqXdiPa+0dZOTt6AToES

Entry address:
0x20437

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A1, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, 2D, 8E, 02, 10, A3, 98, F2, 03, 10, C7, 05, 9C, F2, 03, 10, 23, 85, 02, 10, C7, 05, A0, F2, 03, 10, D7, 84, 02, 10, C7, 05, A4, F2, 03, 10, 10, 85, 02, 10, C7, 05, A8, F2, 03, 10, 79, 84, 02, 10, A3, AC, F2, 03, 10, C7, 05, B0, F2, 03, 10, A5, 8D, 02, 10, C7, 05, B4, F2, 03, 10, 95, 84, 02, 10, C7, 05, B8, F2, 03, 10, F7, 83, 02, 10, C7, 05, BC, F2, 03, 10, 83, 83...

Code size:
196 KB (200,704 bytes)
