BetterBrowse.BrowserFilterG.dll

BetterBrowse

Installed as part of the Yontoo BetterBrowse branded web browser extension, the BrowserFilter component is responsible for injecting advertising in the browser based on the context of the HTML being rendered. Ads are injected in the browser in the form of inline text, coupons, multi-site searching and additional offers. The module BetterBrowse.BrowserFilterG.dll by BetterBrowse has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
BetterBrowse  (signed and verified)

Version:
1.0.5169.36864

MD5:
a3492c0b999c9ecc70de63d5bb680476

SHA-1:
fe38560056431d698e59b207558fd57f03cfdde4

SHA-256:
c2dd46d3040fea95afb837ec300c7df35c6dc09369ba34eacee04b013d6f1736

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/25/2024 11:35:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.BetterBrowse (M)

Engine version:
16.2.14.2

File size:
277.3 KB (283,944 bytes)

Product version:
1.0.5169.36864

Original file name:
BetterBrowse.BrowserFilterG.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\betterbrowse\bin\plugins\betterbrowse.browserfilterg.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/27/2013 2:00:00 AM

Valid to:
9/28/2015 1:59:59 AM

Subject:
CN=BetterBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BetterBrowse, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12F4B87646B8BAF069AA302DE756FE85

File PE Metadata
Compilation timestamp:
2/25/2014 9:29:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:04ebk6OCqoh9Yd/7Z58CpPFS0ORJkPTJo3W1uS1IMEImL5J:9eMG9Y1f80kpnkPTJb1/I5v

Entry address:
0x45292

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
269 KB (275,456 bytes)
