home

blindbatBrowserFilter.exe

blindbat

Installed as part of the Yontoo blindbat branded web browser extension, the BrowserFilter component is responsible for injecting advertising in the browser based on the context of the HTML being rendered. Ads are injected in the browser in the form of inline text, coupons, multi-site searching and additional offers. The application blindbatBrowserFilter.exe by blindbat has been detected as adware by 3 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
blindbat  (signed and verified)

Version:
0.0.0.0

MD5:
faa02fc7be9b8dd6bdbb167f9ed011f6

SHA-1:
04ae1f1221bfc645c1a3ec6a235af82e2906ceb6

SHA-256:
995edc2c51afb8a4ac78355265a73d232a8b221e5e702281f29a4af9d0ba92c5

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
5/9/2024 12:18:20 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/BrowseFox.B potentially unwanted application
7.0.302.0

Malwarebytes
PUP.Optional.Sambreel.A
v2014.08.04.01

Reason Heuristics
Adware.Yontoo.blindbat.V
14.8.4.1

File size:
40.8 KB (41,752 bytes)

Product version:
0.0.0.0

Original file name:
blindbatBrowserFilter.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\blindbat\bin\blindbatbrowserfilter.exe

Digital Signature
Signed by:
blindbat

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 8:00:00 PM

Valid to:
11/27/2014 7:59:59 PM

Subject:
CN=blindbat, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=blindbat, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0B7F97173CD91AC680AED809CA9B3B59

File PE Metadata
Compilation timestamp:
1/27/2014 11:21:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:u1GVWLDqK3K3N6ijC3HMci8UAfXTaR3gx0Y1pZcI43IMJuERQe8Z6JVeIFrcFwV1:lNjCXFl1jIWNH92s6JhSwVYN/TuThf

Entry address:
0x9FFA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, A0, 00, 00, 7C, 02, 00, 00, 00, 00, 00, 00, 7C, 02, 34, 00, 00, 00, 56, 00, 53, 00, 5F, 00, 56, 00, 45, 00, 52, 00, 53, 00, 49, 00, 4F, 00, 4E, 00, 5F, 00, 49, 00...
 
[+]

Entropy:
6.0866

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
32 KB (32,768 bytes)

Remove blindbatBrowserFilter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.