home

AdvanceMarkBrowserFilter.exe

AdvanceMark

Installed as part of the Yontoo AdvanceMark branded web browser extension, the BrowserFilter component is responsible for injecting advertising in the browser based on the context of the HTML being rendered. Ads are injected in the browser in the form of inline text, coupons, multi-site searching and additional offers. The application AdvanceMarkBrowserFilter.exe by AdvanceMark has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
AdvanceMark  (signed and verified)

Version:
0.0.0.0

MD5:
b4b36c7a2c5824a3336bbc333fa7e758

SHA-1:
3b97b95a9a267f71370c5e5cd4f5511bfce3c8cc

SHA-256:
41aaad8cb7819c3fff84fa3144c1744ba255c15cf1fba7122f1afc3d8c0240ed

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/27/2024 4:21:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
17.3.15.4

File size:
35.3 KB (36,128 bytes)

Product version:
0.0.0.0

Original file name:
AdvanceMarkBrowserFilter.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\advancemark\bin\advancemarkbrowserfilter.exe

Digital Signature
Signed by:
AdvanceMark

Authority:
VeriSign, Inc.

Valid from:
1/3/2014 1:00:00 AM

Valid to:
1/4/2015 12:59:59 AM

Subject:
CN=AdvanceMark, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AdvanceMark, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5232D19519B66390120163652BE1E89E

File PE Metadata
Compilation timestamp:
12/4/2014 12:18:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x88BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 71, 00, 00, 00, 00, 89, 00, 00, 00, 6B, 00, 00, 52, 53, 44, 53, F3, 03, 31, 78, 85, BA, 0F, 4F, B4, E3, D6, 49, 6B, 47, C1, E6, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 6F, 65, 70, 33, 7A, 6B, 62, 61, 2E, 66, 75, 71, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 42, 72, 6F, 77...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
26.5 KB (27,136 bytes)

Remove AdvanceMarkBrowserFilter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.