{e63d9559-e4c3-499e-867a-a3c9d0a21400}.dll

XVRNT

raving reyven

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module {e63d9559-e4c3-499e-867a-a3c9d0a21400}.dll, “TODO: <File description>” by raving reyven has been detected as adware by 23 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TODO: <Company name>  (signed by raving reyven)

Product:
XVRNT

Description:
TODO: <File description>

Version:
2.1.0.3

MD5:
e6302019bd5c9f0753abdab8d90811f0

SHA-1:
9577ccb9de90474a2524569fa91faecc29c2276e

SHA-256:
cafbb334f8e3d71c74e2f804d8f0245e1756e6a3895fdb670d3da1666393e4f9

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 11:15:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OCH | 926 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AVG | MalSign.Slizearch | 2015.0.3404 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14723 |
| Bitdefender | Adware.Agent.OCH | 1.0.20.1020 |
| Clam AntiVirus | Win.Adware.Swiftbrowse-20 | 0.98/19073 |
| Dr.Web | Trojan.BPlug.102 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.OCH | 8.14.07.23.01 |
| ESET NOD32 | Win32/BrowseFox.K potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/BrowseFox | 7/23/2014 |
| F-Prot | W32/MegaBrowse.A | v6.4.6.5.141 |
| F-Secure | Adware.Agent.OCH | 11.2014-23-07_4 |
| G Data | Adware.Agent.OCH | 14.7.24 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.Agent | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Yotoon | 15.0.0.494 |
| McAfee | Artemis!842EDB4C77B1 | 5600.7060 |
| MicroWorld eScan | Adware.Agent.OCH | 15.0.0.612 |
| nProtect | Adware.Agent.OCH | 14.05.22.01 |
| Reason Heuristics | PUP.ravingreyven.g | 14.7.23.13 |
| Sophos | Generic PUA CG | 4.98 |
| Vba32 AntiVirus | AdWare.LinkSwift | 3.12.26.0 |
| VIPRE Antivirus | Threat.4150696 | 29418 |
| Zillya! Antivirus | Adware.SwiftBrowse.Win32.7 | 2.0.0.1828 |

File size:
290.3 KB (297,256 bytes)

Product version:
2.1.0.3

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
XTLS.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\raving reyven\bin\{e63d9559-e4c3-499e-867a-a3c9d0a21400}.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 1:00:00 AM

Valid to:
1/24/2015 12:59:59 AM

Subject:
CN=raving reyven, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=raving reyven, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1F869F0BA331D57B7D5A549783E5CA43

File PE Metadata
Compilation timestamp:
7/8/2014 8:15:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:bMWWlJqaR0i8de0V6WLedcAL2lb1ucFmJP840fs:Q7zBRnnS6WSbL2lb1ucFmd8

Entry address:
0x21E77

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EB, 84, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, B8, B7, AE, 02, 10, A3, 88, 33, 04, 10, C7, 05, 8C, 33, 04, 10, AD, A5, 02, 10, C7, 05, 90, 33, 04, 10, 61, A5, 02, 10, C7, 05, 94, 33, 04, 10, 9A, A5, 02, 10, C7, 05, 98, 33, 04, 10, 03, A5, 02, 10, A3, 9C, 33, 04, 10, C7, 05, A0, 33, 04, 10, 2F, AE, 02, 10, C7, 05, A4, 33, 04, 10, 1F, A5, 02, 10, C7, 05, A8, 33, 04, 10, 81, A4, 02, 10, C7, 05, AC, 33, 04, 10, 0D, A4...
 

Code size:
205 KB (209,920 bytes)
