» c2c4dbd5-e587-4fc6-82d0-b962a4b6fcad.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

c2c4dbd5-e587-4fc6-82d0-b962a4b6fcad.dll

AtuZi

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module c2c4dbd5-e587-4fc6-82d0-b962a4b6fcad.dll by AtuZi has been detected as adware by 30 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘AtuZi’. This file is typically installed with the program AtuZi by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

AtuZi (signed and verified)

Product:

AtuZi

Version:

1.0.0.3

MD5:

ebeedf55b3c4c61c4c190a27eeafca18

SHA-1:

d7bb4dd8fc174d6919c953bebf8e85fddab3abb2

SHA-256:

02cbcb542c2d2a3f6a457c8d5776d5bb3e3a7b550a1b81f450e3b7df1a9e194c

Scanner detections:

30 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/26/2024 6:55:47 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.BHO.Agent.4

833

Agnitum Outpost

PUA.Agent

7.1.1

AhnLab V3 Security

Adware/Win32.Agent

2014.07.07

Avira AntiVirus

APPL/BrowseFox.Gen2

7.11.158.178

AVG

BrowseFox.F

2015.0.3311

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.141024

Bitdefender

Gen:Variant.Adware.BHO.Agent.4

1.0.20.1485

Clam AntiVirus

Win.Adware.Agent-7283

0.98/21411

Comodo Security

Application.Win32.Altbrowse.AK

18794

Dr.Web

Trojan.BPlug.31

9.0.1.0297

Emsisoft Anti-Malware

Gen:Variant.Adware.BHO.Agent

8.14.10.24.06

ESET NOD32

Win32/BrowseFox (variant)

8.10055

Fortinet FortiGate

Adware/Agent

10/24/2014

F-Secure

Gen:Variant.Adware.BHO.Agent.4

11.2014-24-10_6

G Data

Gen:Variant.Adware.BHO.Agent

14.10.24

K7 AntiVirus

Unwanted-Program

13.180.12626

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.3051

Malwarebytes

PUP.Optional.AtuZi.A

v2014.10.24.06

McAfee

Artemis!EBEEDF55B3C4

5600.6967

MicroWorld eScan

Gen:Variant.Adware.BHO.Agent.4

15.0.0.891

NANO AntiVirus

Riskware.Win32.Agent.czmzab

0.28.0.60577

Panda Antivirus

Trj/CI.A

14.10.24.06

Qihoo 360 Security

Win32/Trojan.Adware.dbc

1.0.0.1015

Quick Heal

AdWare.Agent.r5 (Not a Virus)

10.14.14.00

Reason Heuristics

PUP.BHO.AtuZi.e

14.10.24.18

Sophos

Browse Fox

4.98

SUPERAntiSpyware

Adware.BrowseFox/Variant

10279

Trend Micro House Call

Suspicious_GEN.F47V0616

7.2.297

VIPRE Antivirus

Yontoo

31042

Zillya! Antivirus

Adware.Agent.Win32.9429

2.0.0.1847

File size:

243.8 KB (249,624 bytes)

Product version:

1.0.0.3

Original file name:

AtuZiIEClient.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\atuzi\c2c4dbd5-e587-4fc6-82d0-b962a4b6fcad.dll

Digital Signature

Signed by:

AtuZi

Authority:

VeriSign, Inc.

Valid from:

4/17/2014 8:00:00 AM

Valid to:

4/18/2015 7:59:59 AM

Subject:

CN=AtuZi, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AtuZi, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1095EBEC0EFD96E9E4C801DCA0909C26

Registration

CLSID:

{f56d588c-326b-493e-b6d4-145a03d5c64e}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

6/15/2014 1:35:50 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:CvDkV941twQCzTC4XEuCxPvlSWX+aNeR7+BIaIB0SDs9Llz:CvwH3XtCxgNCIygULlz

Entry address:

0x12844

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 10, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, C4, 67, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 6C, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.3626

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

Internet Explorer BHO

Display name:

AtuZi

CLSID:

{f56d588c-326b-493e-b6d4-145a03d5c64e}

The file c2c4dbd5-e587-4fc6-82d0-b962a4b6fcad.dll has been discovered within the following programs.

AtuZi by Yontoo Technology, Inc.

AtuZi is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.

a-tu-zi.com/support

80% remove it

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Remove c2c4dbd5-e587-4fc6-82d0-b962a4b6fcad.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.