AdvanceElite.BrowserAdapter.dll

AdvanceElite

AdvanceElite.BrowserAdapter.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module, published by AdvanceElite, has been detected as adware by 16 anti-malware scanners. It plugs into the web browser and displays context-based advertisements, either overwriting existing ads or inserting new ones on various web pages.

Publisher:
AdvanceElite  (signed and verified)

Version:
1.0.5405.23933

MD5:
ad860b6ea0194663e896dd8912c5eb88

SHA-1:
315f534eb0043778182d7feaed1cb1d759fc4f7d

SHA-256:
2d0d0698e12e2d7bf20142b3b194703b49e528f36aa7e256d2b60325759e00bc

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/9/2024 2:40:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CC | 835 |
| AVG | Generic | 2015.0.3313 |
| Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.141022 |
| Bitdefender | Adware.SwiftBrowse.CC | 1.0.20.1475 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CC | 8.14.10.22.05 |
| ESET NOD32 | Win64/BrowseFox (variant) | 8.10604 |
| F-Secure | Adware.SwiftBrowse.CC | 11.2014-22-10_4 |
| G Data | Adware.SwiftBrowse.CC | 14.10.24 |
| IKARUS anti.virus | AdWare.Agent | t3scan.1.7.8.0 |
| Malwarebytes | | v2014.10.22.05 |
| MicroWorld eScan | Adware.SwiftBrowse.CC | 15.0.0.885 |
| nProtect | Adware.SwiftBrowse.CC | 14.10.22.01 |
| Reason Heuristics | Adware.Yontoo.AdvanceElite.AA | 14.10.20.2 |
| Sophos | Generic PUA DB | 4.98 |
| VIPRE Antivirus | Yontoo | 34150 |
| ViRobot | Adware.SwiftBrowse.1087216 | 2011.4.7.4223 |

File size:
1 MB (1,087,216 bytes)

Product version:
1.0.5405.23933

Original file name:
AdvanceElite.BrowserAdapter.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\advanceelite\bin\plugins\advanceelite.browseradapter.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 6:00:00 AM

Valid to:
9/3/2015 5:59:59 AM

Subject:
CN=AdvanceElite, O=AdvanceElite, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E2E56B75E7E0844E10D5BE52CDF0E39

File PE Metadata
Compilation timestamp:
10/20/2014 10:21:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:8/qOmAeIsGmIL2NH+jeRhtxstvFa11QHyLXp9A+pxx3kNCw8d:8/qwmIKRUeAt9MLPRkNCw8d

Entry address:
0x109452

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 7D, 00, 00, 00, 94, 94, 10, 00, 94, 76, 10, 00, 52, 53, 44, 53, 80, E6, 2C, 0D, C6, 4B, B4, 44, 99, 38, 22, BF, 46, D8, 82, 44, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 75, 71, 79, 69, 77, 6A, 73, 70, 2E, 64, 31, 69, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,078,784 bytes)
