atuziuntemp.exe

AtuZi

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application atuziuntemp.exe by AtuZi has been detected as adware by 8 anti-malware scanners. The file is typically installed by a number of programs, including AtuZi by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
AtuZi  (signed and verified)

Version:
1.0.0.0

MD5:
76bb7bb1868c4974b00765bf3afe340d

SHA-1:
962d44edc20d5530f842b4c65588aa692b50958b

SHA-256:
47aceaa6f4c8a0ae78178d6cedc3b7b4bef5f0e528d30a68f021a2031498ab39

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 7:35:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 140813-1 |
| AVG | Generic | 2015.0.3367 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.14829 |
| Dr.Web | Trojan.BPlug.95 | 9.0.1.05190 |
| ESET NOD32 | probably MSIL/BrowseFox.G potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | PUP.AtuZi.L | 14.8.29.14 |
| Sophos | Browse Fox | 4.98 |
| VIPRE Antivirus | Threat.4741131 | 32210 |

File size:
530.8 KB (543,512 bytes)

Product version:
1.0.0.0

Original file name:
AtuZi Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\atuziuntemp.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/17/2014 1:00:00 AM

Valid to:
4/18/2015 12:59:59 AM

Subject:
CN=AtuZi, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AtuZi, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1095EBEC0EFD96E9E4C801DCA0909C26

File PE Metadata
Compilation timestamp:
7/19/2014 2:09:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:cAY8Jhu71BUERbSdj2oyCUDuil1GiBC4gIMr7F0NO0KKgQuU9aCSoxNwr2bIIozY:cAXWbUjU1l1GiwRx7F0Zpx+XzOBSi

Entry address:
0x82B0A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0927

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
515 KB (527,360 bytes)

The file atuziuntemp.exe has been discovered within the following programs.

AtuZi  by Yontoo Technology, Inc.
AtuZi is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
a-tu-zi.com/support
80% remove it
Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
 