Cantataweb.PurBrowseG.dll

Cantataweb

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module Cantataweb.PurBrowseG.dll by Cantataweb has been detected as adware by 9 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

Publisher:
Cantataweb  (signed and verified)

Version:
1.0.5386.13936

MD5:
db309cffb8b03450552719734f7a9a71

SHA-1:
b31becad3866b4f45ab5149760c02b44fda5d77d

SHA-256:
ad41b70947404156f8d6c1b1580af47c43f22b50e399fc488b4fe73ed2abae20

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 6:09:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.175.218 |
| AVG | Generic | 2015.0.3335 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.14930 |
| Dr.Web | Trojan.BPlug.233 | 9.0.1.05190 |
| ESET NOD32 | MSIL/BrowseFox.G potentially unwanted application | 7.0.302.0 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.3170 |
| Malwarebytes | | v2014.09.30.10 |
| McAfee | BrowseFox.a | 5600.6991 |
| Reason Heuristics | PUP.Cantataweb.U | 14.9.30.22 |

File size:
830.3 KB (850,208 bytes)

Product version:
1.0.5386.13936

Original file name:
Cantataweb.PurBrowseG.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\cantataweb\bin\plugins\cantataweb.purbrowseg.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
6/9/2014 9:00:00 AM

Valid to:
6/17/2015 9:00:00 PM

Subject:
CN=Cantataweb, O=Cantataweb, L=Santa Monica, S=California, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
013BE12950E38B1ABDBF9C4FCB5C264F

File PE Metadata
Compilation timestamp:
9/30/2014 5:44:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:9xXNrm4B3NazeeYp+lGtiX3JbAQK3B2hEX0Jsm:9hN6w0v/K3Bxhm

Entry address:
0xCF702

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.3918

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
822 KB (841,728 bytes)
