home

digidocket.purbrowse.exe

Digi Docket

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application digidocket.purbrowse.exe by Digi Docket has been detected as adware by 28 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Digi Docket  (signed and verified)

MD5:
8f9569a5aad92f42651e3ffffb4d3b6c

SHA-1:
2999679eafa04fbfa1dfffc4cba437d10da83509

SHA-256:
07675b49c66bf16ef2c814bb63fa41b98aed4aa3f215ba41e3b3fea891fc88a7

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 8:22:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CV
701

Agnitum Outpost
Trojan.BPlug
7.1.1

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.03.06

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.214.42

avast!
MSIL:BrowseFox-AJ [PUP]
2014.9-150612

AVG
Generic
2016.0.3179

Baidu Antivirus
Hacktool.Win32.NetFilter
4.0.3.1536

Bitdefender
Gen:Variant.Adware.Jaik.5645
1.0.20.325

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Swiftbrowse-1101
0.98/20242

Comodo Security
Application.Win32.AltBrowse.ZPGI
21311

Dr.Web
Trojan.BPlug.929
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.CV
8.15.03.06.04

ESET NOD32
Win32/NetFilter.A potentially unsafe application
9.7.0.302.0

F-Prot
W32/S-4dc21c6d
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.CV
11.2015-06-03_6

G Data
Gen:Variant.Adware.Jaik.5645
15.3.25

herdProtect (fuzzy)
variant of podoweb.purbrowse.exe (Adware)
2015.6.12.19

K7 AntiVirus
Unwanted-Program
13.200.15179

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Kranet
15.0.0.543

McAfee
Program.BrowseFox-FVX
5600.6835

MicroWorld eScan
Adware.SwiftBrowse.CV
16.0.0.195

NANO AntiVirus
Trojan.Win32.BPlug.dnpvno
0.30.0.296

Norman
Adware.SwiftBrowse.CO
11.20150612

Reason Heuristics
PUP.Yontoo
15.3.6.5

Vba32 AntiVirus
AdWare.Kranet
3.12.26.3

VIPRE Antivirus
Threat.4741131
38552

Zillya! Antivirus
Backdoor.PePatch.Win32.64142
2.0.0.2089

File size:
289.7 KB (296,696 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\digi docket\bin\digidocket.purbrowse.exe

Digital Signature
Signed by:
Digi Docket

Authority:
VeriSign, Inc.

Valid from:
12/17/2014 1:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=Digi Docket, O=Digi Docket, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B3162550DBA3A8F351A50ABE845DC1C

File PE Metadata
Compilation timestamp:
3/6/2015 3:15:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:GbkyGUHUG1OjdpUalGhZB2OtvYTBQNsJKS:+kyGUHUfjdpUalGhZB2OtvYTuRS

Entry address:
0x2150E

Entry point:
E8, 45, 84, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 88, 34, 44, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 8C, 34, 44, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, F4, 51, 00, 00, 85, C0, 75, 06, B8, F0, 35, 44, 00, C3, 83, C0, 08, C3, E8, E1, 51, 00, 00, 85, C0, 75, 06, B8, F4, 35, 44, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 
[+]

Code size:
211 KB (216,064 bytes)

Remove digidocket.purbrowse.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.