{cc30460f-753f-44d9-b58c-13dae1321968}w64.sys

Jump Flip

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file {cc30460f-753f-44d9-b58c-13dae1321968}w64.sys by Jump Flip has been detected as adware by 32 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “{cc30460f-753f-44d9-b58c-13dae1321968}w64”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
StdLib (signed by Jump Flip)

Product:
StdLib

Version:
1.4.3.1 built by: WinDDK

MD5:
fecc2901561da5b5acb20581126127ef

SHA-1:
a439615aff0ccd56295775749a193b53b7030c7d

SHA-256:
e30494185a5c1bc3a6dcb0c30d0b06718399809f11b788a2b7107754f68345c0

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/20/2024 5:07:16 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SwiftBrowse.CH | 540
Agnitum Outpost | Riskware.NetFilter | 7.1.1
AhnLab V3 Security | Trojan/Win64.SwiftBrowse | 2014.09.23
avast! | Win32:BrowseFox-DZ [PUP] | 2014.9-150813
AVG | Adware AdPlugin | 2016.0.3018
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.15813
Bitdefender | Adware.SwiftBrowse.BV | 1.0.20.1125
Bkav FE | W64.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Swiftbrowse-284 | 0.98/21411
Comodo Security | UnclassifiedMalware | 18740
Dr.Web | Trojan.Yontoo.1734 | 9.0.1.0225
Emsisoft Anti-Malware | Adware.SwiftBrowse.CH | 8.15.08.13.02
ESET NOD32 | Win64/BrowseFox.CG potentially unwanted application | 9.7.0.302.0
F-Prot | W64/A-abca7297 | v6.4.7.1.166
F-Secure | Adware.SwiftBrowse.CH | 11.2015-13-08_5
G Data | Adware.SwiftBrowse.BV | 15.8.24
IKARUS anti.virus | AdWare.SpadeCast | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.196.15011
Malwarebytes | PUP.Optional.NetFilter | v2015.08.13.02
McAfee | Artemis!F317955BEF2D | 5600.6674
MicroWorld eScan | Adware.SwiftBrowse.BV | 16.0.0.675
Norman | Adware.SwiftBrowse.CH | 11.20150813
nProtect | Adware.SwiftBrowse.BV | 14.09.22.01
Qihoo 360 Security | Win32/Trojan.RiskWare.a25 | 1.0.0.1015
Reason Heuristics | PUP.Yontoo.JumpFlip (M) | 15.8.13.14
Sophos | BrowseSmart | 4.98
SUPERAntiSpyware | Adware.BrowseFox/Variant | 9694
Trend Micro House Call | Suspicious_GEN.F47V0617 | 7.2.225
Trend Micro | HS_BROWSEFOX.SM | 10.465.13
VIPRE Antivirus | Trojan.Win32.Generic | 33352
Zillya! Antivirus | Adware.Yotoon.Win64.3 | 2.0.0.1901

File size:
60.2 KB (61,632 bytes)

Product version:
1.4.3.1

Copyright:
Copyright © 2013 StdLib

Original file name:
StdLib.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}w64.sys

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/21/2013 8:00:00 PM

Valid to:
8/22/2015 7:59:59 PM

Subject:
CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata
Compilation timestamp:
7/30/2014 3:31:58 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:4ot2dxF9O8ZF33iqiIy938bWp9XcfBfyQ7owidI9oT:49JRicy938ip9efV1jiT

Entry address:
0xF064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 2E, 20, FF, FF, CC, CC, 38, F2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1C, F6, 00, 00, 60, C1, 00, 00, 28, F1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, F9, 00, 00, 50, C0, 00, 00, D8, F0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B6, FA, 00, 00, 00, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9A, FA, 00, 00, 00, 00, 00, 00, 86, FA, 00, 00...

Entropy:
5.9349

Code size:
46.5 KB (47,616 bytes)

Driver
Display name:
{cc30460f-753f-44d9-b58c-13dae1321968}w64

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI