acerace.mg.exe

Ace Race

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application acerace.mg.exe by Ace Race has been detected as adware by 26 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from the user's temporary directory.
Publisher:
Ace Race  (signed and verified)

MD5:
9d0a16d17c0ea66b8fda3a39a6c63232

SHA-1:
05854b39035135c51eea4b6b8b1d0472ce598f19

SHA-256:
8a2c7b6ef1ff9c292fb57ddc9da4b297eb944643a492ad487b9a48813ce857c4

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 6:25:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.BrowseFox.BB | 705 |
| AhnLab V3 Security | Win-PUP/BrowseFox.Gen | 2015.01.24 |
| Avira AntiVirus | Adware/BrowseFox.247024.196 | 7.11.204.206 |
| AVG | Generic | 2016.0.3183 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1532 |
| Bitdefender | Adware.BrowseFox.BB | 1.0.20.305 |
| Clam AntiVirus | Win.Adware.Browsefox-185 | 0.98/21511 |
| Dr.Web | Trojan.BPlug.181 | 9.0.1.061 |
| Emsisoft Anti-Malware | Adware.BrowseFox.BB | 8.15.03.02.01 |
| ESET NOD32 | Win32/BrowseFox (variant) | 9.11063 |
| F-Prot | W32/S-b5aa130f | v6.4.7.1.166 |
| F-Secure | Adware.BrowseFox.BB | 11.2015-02-03_2 |
| G Data | Adware.BrowseFox.BB | 15.3.24 |
| K7 AntiVirus | Unwanted-Program | 13.192.14734 |
| Malwarebytes | PUP.Optional.BPlug | v2015.03.02.01 |
| McAfee | Artemis!9D0A16D17C0E | 5600.6839 |
| MicroWorld eScan | Adware.BrowseFox.BB | 16.0.0.183 |
| NANO AntiVirus | Trojan.Win32.BPlug.dfsehz | 0.30.0.64812 |
| nProtect | Adware.BrowseFox.BB | 15.01.23.01 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Yontoo | 15.3.2.1 |
| Sophos | Generic PUA AF | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Yontoo | 10023 |
| Trend Micro House Call | Suspicious_GEN.F47V0122 | 7.2.61 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36912 |
| Zillya! Antivirus | Adware.SwiftBrowse.Win32.4091 | 2.0.0.2043 |

File size:
241.2 KB (247,024 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\acerace.mg.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/6/2014 7:00:00 PM

Valid to:
10/7/2015 6:59:59 PM

Subject:
CN=Ace Race, O=Ace Race, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47DF877938071D6194F321723076892E

File PE Metadata
Compilation timestamp:
1/19/2015 3:29:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:ykk2cijcc4HiQ38LXKylhly0wmlQhR5uTQTZ:ykD14nihDVlwm6hmcTZ

Entry address:
0x19F64

Entry point:
E8, AB, 82, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 90, F4, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, C8, F0, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
Entropy:
6.5119

Code size:
183.5 KB (187,904 bytes)
