home

fassurunun.exe

fassurun

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application fassurunun.exe by fassurun has been detected as adware by 10 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Buzzdock by Alactro LLC and fassurun by Yontoo Technology, Inc., both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
fassurun  (signed and verified)

Version:
1.0.0.0

MD5:
a187a2f07bafa12859306a579b062f58

SHA-1:
a233aadd9633be4e8b93846a8ba8f49483be8e43

SHA-256:
58a67dfb51443ce59f7bb97b8f877b50049842005949f493c437b1bfdfc2270d

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 8:24:30 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-141002

AVG
Fasuru
2015.0.3334

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.14102

Dr.Web
Trojan.BPlug.95
9.0.1.0275

ESET NOD32
MSIL/BrowseFox (variant)
8.10065

G Data
Win32.Trojan.Agent.K2CLXQ
14.10.24

McAfee
Artemis!A187A2F07BAF
5600.6990

Reason Heuristics
PUP.fassurun.K
14.10.2.6

Trend Micro House Call
Suspicious_GEN.F47V0628
7.2.275

VIPRE Antivirus
Yontoo
31100

File size:
530.8 KB (543,512 bytes)

Product version:
1.0.0.0

Original file name:
fassurun Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\fassurun\fassurunun.exe

Digital Signature
Signed by:
fassurun

Authority:
VeriSign, Inc.

Valid from:
8/20/2013 5:00:00 PM

Valid to:
8/20/2015 4:59:59 PM

Subject:
CN=fassurun, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=fassurun, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6EA3A2D62F7379560AF4974E60282338

File PE Metadata
Compilation timestamp:
6/17/2014 9:59:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:tA/ephiAC64EzakBjnilYwbNVXp8tdW79BUAQ8HVumOnpquQuU9aCSoUNwr5bWIb:tAui1KOlYwhk+7vUAQ8XpU+0gmZWXB

Entry address:
0x82B02

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0905

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
515 KB (527,360 bytes)

The file fassurunun.exe has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.
www.buzzdock.com/faq-support
79% remove it
fassurun  by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
fassurun.co/support
85% remove it
 
Powered by Should I Remove It?

Remove fassurunun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.