clearthink.purbrowse64.exe

ClearThink

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application clearthink.purbrowse64.exe by ClearThink has been detected as adware by 19 anti-malware scanners. It plugs into the web browser and displays context-based advertisements, either by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ClearThink  (signed and verified)

MD5:
f135dcbc10e88ede96c66702aba42e2a

SHA-1:
236cf1b8ae9b905331ebb2bd812a44a2c7e3d5ff

SHA-256:
bcabc857c209d5de2fc09a66c864393966602aa918c5d443015d99d5e49bb4d9

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 9:26:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SwiftBrowse.AM | 793 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2014.09.20 |
| avast! | Win64:BrowseFox-A [PUP] | 2014.9-140922 |
| AVG | Generic | 2015.0.3344 |
| Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.14922 |
| Bitdefender | Adware.SwiftBrowse.AM | 1.0.20.1690 |
| Clam AntiVirus | Win.Adware.Swiftbrowse-279 | 0.98/19414 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.AM | 8.14.12.04.10 |
| ESET NOD32 | Win64/BrowseFox.A potentially unwanted application | 8.7.0.302.0 |
| F-Secure | Adware.SwiftBrowse.AM | 11.2014-04-12_5 |
| G Data | Adware.SwiftBrowse.AM | 14.12.24 |
| herdProtect (fuzzy) | | 2014.12.4.14 |
| IKARUS anti.virus | PUA.BrowseFox | t3scan.1.7.8.0 |
| MicroWorld eScan | Adware.SwiftBrowse.AM | 15.0.0.1014 |
| nProtect | Adware.SwiftBrowse.AM | 14.09.12.01 |
| Reason Heuristics | PUP.ClearThink.V | 14.9.22.10 |
| Sophos | PUA.Browse Fox | 55 |
| VIPRE Antivirus | Threat.4741131 | 32938 |

File size:
341.7 KB (349,936 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\clearthink\bin\clearthink.purbrowse64.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/5/2014 2:00:00 AM

Valid to:
8/6/2015 1:59:59 AM

Subject:
CN=ClearThink, O=ClearThink, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1200063ED04B1DA36F7FE204B3DD8617

File PE Metadata
Compilation timestamp:
9/9/2014 11:53:44 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:6mTV6EBlub61yGYZW+WpVdDhiIqqoPPBFvueqTlbk5C/QDV0wU7YBTBhxOsr/NIX:6uV6Mub6YW/pV9W9TvKjZ7YBTXcyrC

Entry address:
0x25110

Entry point:
48, 83, EC, 28, E8, 77, 94, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 4C, 8D, 0D, 25, A5, 02, 00, 33, C0, 49, 8B, D1, 44, 8D, 40, 08, 3B, 0A, 74, 2B, FF, C0, 49, 03, D0, 83, F8, 2D, 72, F2, 8D, 41, ED, 83, F8, 11, 77, 06, B8, 0D, 00, 00, 00, C3, 81, C1, 44, FF, FF, FF, B8, 16, 00, 00, 00, 83, F9, 0E, 41, 0F, 46, C0, C3, 48, 98, 41, 8B, 44, C1, 04, C3, CC, 48, 83, EC, 28, E8, DB, 5E, 00, 00, 48, 85, C0, 75, 09, 48, 8D, 05, 37, A6, 02, 00, EB, 04, 48, 83, C0, 10, 48, 83, C4, 28, C3, 48, 83, EC, 28...
 

Code size:
230.5 KB (236,032 bytes)
