c9a465a5420c4accb1be3ac71ae80fda.dll

Round World

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module c9a465a5420c4accb1be3ac71ae80fda.dll, “TODO: <File description>” by Round World has been detected as adware by 28 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by Round World)

Description:
TODO: <File description>

Version:
4.0.0.3

MD5:
6d1b11034e6b735f896ab9360f1cb9eb

SHA-1:
e5324e191dbc15148a11ac5fa3ba4a7c9a59f8f7

SHA-256:
e7441d00cf03cd6e41f5039fae277d2a311eb7c04139557d2513f7815a39c551

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 9:57:53 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.BU | 6765824
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.03.06
Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.214.2
AVG | AdPlugin | 2016.0.3179
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1535
Bitdefender | Adware.BrowseFox.BU | 1.0.20.320
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Swiftbrowse-20 | 0.98/21411
Comodo Security | TrojWare.Win32.BrowseFox.FY | 21306
Dr.Web | Trojan.BPlug.891 | 9.0.1.064
Emsisoft Anti-Malware | Adware.BrowseFox.BU | 9.0.0.4799
ESET NOD32 | Win32/BrowseFox.M potentially unwanted application | 9.7.0.302.0
F-Prot | W32/MegaBrowse.A | v6.4.6.5.141
F-Secure | Adware.BrowseFox.BU | 5.13.68
G Data | Adware.BrowseFox.BU | 15.3.25
IKARUS anti.virus | AdWare.BrowseBurst | t3scan.1.7.5.0
K7 AntiVirus | Unwanted-Program | 13.200.15176
McAfee | Program.BrowseFox-FWL | 16.8.708.2
MicroWorld eScan | Adware.BrowseFox.BU | 16.0.0.192
NANO AntiVirus | Trojan.Win32.BPlug.dmjqza | 0.30.0.296
nProtect | Adware.BrowseFox.BU | 15.03.05.01
Panda Antivirus | Generic Suspicious | 15.03.05.07
Reason Heuristics | PUP.Yontoo | 15.3.5.18
Vba32 AntiVirus | AdWare.Kranet | 3.12.26.3
VIPRE Antivirus | Adware.SearchProtect | 32498
Zillya! Antivirus | Adware.Kranet.Win32.17 | 2.0.0.1900

File size:
278.7 KB (285,424 bytes)

Product version:
4.0.0.3

Copyright:
TODO: (c) <Company name>. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\round world\bin\c9a465a5420c4accb1be3ac71ae80fda.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/10/2015 7:00:00 PM

Valid to:
1/11/2016 6:59:59 PM

Subject:
CN=Round World, O=Round World, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E6F69E3F386155D988683D665483D02

Registration
CLSID:
{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/11/2015 6:51:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:1fcmhLlsosuE23UtV3s7wuBlCwjHdixnibVWajAnP0gQyez6Xjt6AlWEZ7Tfd5nM:1UmhJ/su3UPqXdiPa+0dZOTt6AToE0p

Entry address:
0x20437

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A1, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, 2D, 8E, 02, 10, A3, 98, F2, 03, 10, C7, 05, 9C, F2, 03, 10, 23, 85, 02, 10, C7, 05, A0, F2, 03, 10, D7, 84, 02, 10, C7, 05, A4, F2, 03, 10, 10, 85, 02, 10, C7, 05, A8, F2, 03, 10, 79, 84, 02, 10, A3, AC, F2, 03, 10, C7, 05, B0, F2, 03, 10, A5, 8D, 02, 10, C7, 05, B4, F2, 03, 10, 95, 84, 02, 10, C7, 05, B8, F2, 03, 10, F7, 83, 02, 10, C7, 05, BC, F2, 03, 10, 83, 83...
 

Entropy:
6.4994

Code size:
196 KB (200,704 bytes)
