home

dc592624f53243119fc7.dll

AdvanceElite

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module dc592624f53243119fc7.dll by AdvanceElite has been detected as adware by 19 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
AdvanceElite  (signed and verified)

MD5:
8d95d3cfa1f29ba770c2cbb1c966d729

SHA-1:
dba033cfeb59b4f64f4ceb309e49567d9917f7c7

SHA-256:
f0964e787bca22343aa3d64d924856e0cbbb6f660f5efef6f41f38d837ba3378

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 7:00:30 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CC
836

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/BrowseFox.Gen2
7.11.180.144

AVG
Generic
2015.0.3314

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.141022

Bitdefender
Adware.SwiftBrowse.CC
1.0.20.1475

Clam AntiVirus
Win.Adware.Swiftbrowse-546
0.98/21411

Dr.Web
Trojan.BPlug.301
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.CC
8.14.10.22.08

ESET NOD32
probably Win32/BrowseFox.N potentially unwanted application
7.0.302.0

F-Secure
Adware.SwiftBrowse.CC
11.2014-22-10_4

G Data
Adware.SwiftBrowse.CC
14.10.24

McAfee
BrowseFox
5600.6970

MicroWorld eScan
Adware.SwiftBrowse.CC
15.0.0.885

NANO AntiVirus
Riskware.Win32.Kranet.dgstaw
0.28.2.62841

nProtect
Adware.SwiftBrowse.CC
14.10.22.01

Reason Heuristics
PUP.AdvanceElite.U
14.10.22.8

Sophos
Browse Fox
4.98

VIPRE Antivirus
Threat.4741131
33706

File size:
190.2 KB (194,800 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\advanceelite\bin\dc592624f53243119fc7.dll

Digital Signature
Signed by:
AdvanceElite

Authority:
VeriSign, Inc.

Valid from:
9/1/2014 8:00:00 PM

Valid to:
9/2/2015 7:59:59 PM

Subject:
CN=AdvanceElite, O=AdvanceElite, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E2E56B75E7E0844E10D5BE52CDF0E39

File PE Metadata
Compilation timestamp:
10/13/2014 7:32:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:nP37RBT2symmM3xx0y9dH0Xhk7IQ0Li41iTzYG5vVkc7qzX9PfDqds585r:nPLjrX9dH0Xhe8i41EzYGNVVGz9nDasQ

Entry address:
0x11BED

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 81, 7C, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, D0, 45, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 34, 40, 02, 10, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64...
 
[+]

Entropy:
6.5606

Code size:
139.5 KB (142,848 bytes)

Remove dc592624f53243119fc7.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.