home

clearthink.ieupdate.dll

ClearThink

This is the Internet Explorer add-on for the Yontoo ClearThink branded web browser plugin (injects banner, text-link and popup ads). The component is responisble for registering the Browser Helper Object into IE and keeping it registered. The module clearthink.ieupdate.dll by ClearThink has been detected as adware by 18 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ClearThink  (signed and verified)

Version:
1.0.5468.31524

MD5:
8288dd50b6646f14f29e67481a63ef02

SHA-1:
1ac5698f1ad58334f65c1d62888f19e226df4c44

SHA-256:
35f0f49637a4e982a981f3e3b92e672e763cb7d67ebfd6aa4057d6ea48a8fccb

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser add-on for Internet Explorer.

Analysis date:
4/19/2024 12:30:45 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CN
6213306

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2014.12.22

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.197.26

AVG
Generic
2015.0.3253

Bitdefender
Adware.SwiftBrowse.CN
1.0.20.1780

Emsisoft Anti-Malware
Adware.SwiftBrowse.CN
9.0.0.4668

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Prot
W32/S-7aa9c30a
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.CN
5.13.68

G Data
Adware.SwiftBrowse.CN
14.12.24

IKARUS anti.virus
PUA.MSIL.BrowseFox
t3scan.1.8.5.0

K7 AntiVirus
Adware
13.188.14395

McAfee
Artemis!8288DD50B664
5600.6909

MicroWorld eScan
Adware.SwiftBrowse.CN
15.0.0.1068

Norman
Adware.SwiftBrowse.CN
04.12.2014 14:30:06

nProtect
Adware.SwiftBrowse.CN
14.12.19.01

Reason Heuristics
Adware.Yontoo.ClearThink.S
14.12.22.4

VIPRE Antivirus
Threat.4741131
35418

File size:
658.2 KB (674,032 bytes)

Product version:
1.0.5468.31524

Original file name:
ClearThink.IEUpdate2014122201.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\clearthink\bin\plugins\clearthink.ieupdate.dll

Digital Signature
Signed by:
ClearThink

Authority:
VeriSign, Inc.

Valid from:
10/9/2014 3:00:00 AM

Valid to:
8/6/2015 2:59:59 AM

Subject:
CN=ClearThink, O=ClearThink, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59B72B1DB71CE323997B1EAF80E12AAE

File PE Metadata
Compilation timestamp:
12/22/2014 4:30:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:s/bbc0nheBkLBMQczm+RSZqSX6Xdu8A6Sdi1dAyzq4ltGGF/c0lOsZsyW:uXFBMQibUn6qFkDNkOBl9syW

Entry address:
0xA479E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8199

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
650 KB (665,600 bytes)

Remove clearthink.ieupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.