» advanceelite.dll
Overview
Analysis
File Details
Programs (1)
Downloads (1)

advanceelite.dll

AdvanceElite

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module advanceelite.dll by AdvanceElite has been detected as adware by 25 anti-malware scanners. This file is typically installed with the program AdvanceElite by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install-cdn.advanceelite.com.

File name:

advanceelite.dll

Publisher:

AdvanceElite (signed and verified)

Product:

AdvanceElite

Version:

1.0.0.3

MD5:

6b36f39ca4aa314cc003f1561f8ca6c7

SHA-1:

d70508069916f5b86b4862d474f1cdc0b7a3a31a

SHA-256:

8333153b477a542d0e3f3957093378fa72f44870c68a7313474b66bd32b771b2

Scanner detections:

25 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/30/2024 4:12:20 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.AdvanceElite.A

831

Agnitum Outpost

Riskware.Agent

7.1.1

Avira AntiVirus

ADWARE/BrowseFox.Gen2

7.11.181.38

AVG

Adware BrowseFox.F

2014.0.4040

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.141026

Bitdefender

Adware.AdvanceElite.A

1.0.20.1495

Clam AntiVirus

Win.Adware.Agent-19674

0.98/21411

Comodo Security

Application.Win32.BrowseFox.JM

19890

Dr.Web

Trojan.BPlug.167

9.0.1.05190

Emsisoft Anti-Malware

Adware.AdvanceElite

8.14.10.26.07

ESET NOD32

Win32/BrowseFox.O potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/BrowseFox

10/26/2014

F-Secure

Adware.AdvanceElite.A

11.2014-26-10_1

G Data

Adware.AdvanceElite

14.10.24

Malwarebytes

PUP.Optional.AdvanceElite.A

v2014.10.26.07

McAfee

BrowseFox

5600.6965

MicroWorld eScan

Adware.AdvanceElite.A

15.0.0.897

NANO AntiVirus

Trojan.Win32.BPlug.dfohwl

0.28.2.62841

nProtect

Adware.AdvanceElite.A

14.10.24.01

Panda Antivirus

Trj/CI.A

14.10.26.07

Qihoo 360 Security

HEUR/QVM30.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.AdvanceElite.M

14.10.26.19

Sophos

Generic PUA AI

4.98

VIPRE Antivirus

Yontoo

34220

Zillya! Antivirus

Backdoor.PePatch.Win32.48226

2.0.0.1967

File size:

244.7 KB (250,608 bytes)

Product version:

1.0.0.3

Original file name:

AdvanceEliteIEClient.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\advanceelite.dll

Digital Signature

Signed by:

AdvanceElite

Authority:

VeriSign, Inc.

Valid from:

9/2/2014 1:00:00 AM

Valid to:

9/3/2015 12:59:59 AM

Subject:

CN=AdvanceElite, O=AdvanceElite, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4E2E56B75E7E0844E10D5BE52CDF0E39

File PE Metadata

Compilation timestamp:

10/26/2014 10:47:18 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:DT6oqa7ZcJ83Z2qJC0SzN+3aT4id15+s+xIaIRENJHLIV:D6a7Zce3BCR9wxIebHLIV

Entry address:

0x12854

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 90, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 44, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 1C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.3541

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

The file advanceelite.dll has been discovered within the following program.

AdvanceElite by Yontoo Technology, Inc.

This is an adware program.

advanceelite.com/support

84% remove it

The file advanceelite.dll has been seen being distributed by the following URL.

http://install-cdn.advanceelite.com/bed?bet=3

Remove advanceelite.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.