home

fasterlight.purbrowseg.dll

Follow Rules

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module fasterlight.purbrowseg.dll by Follow Rules has been detected as adware by 27 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Follow Rules  (signed and verified)

Version:
1.0.5563.25489

MD5:
9ef74bed1600d4e89bfa0ef07dd4d2c9

SHA-1:
c48a93d5c90077a61400aa816bc3f85b911a566c

SHA-256:
5240e664a6d2bd86b2a712c280d46b09d967839dbc91754da23fa76e56c58f58

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 12:32:25 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.CD
6339179

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.03.27

Avira AntiVirus
ADWARE/BrowseFox.Gen7
3.6.1.96

avast!
MSIL:BrowseFox-S [PUP]
150319-0

AVG
Generic
2016.0.3158

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.15327

Bitdefender
Adware.BrowseFox.CD
1.0.20.430

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Yontoo.1734
9.0.1.05190

Emsisoft Anti-Malware
Adware.BrowseFox.CD
9.0.0.4799

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Prot
W32/S-18d1a68a
v6.4.7.1.166

F-Secure
Adware.BrowseFox.CD
5.13.68

G Data
Adware.BrowseFox.CD
15.3.25

IKARUS anti.virus
PUA.MSIL.BrowseFox
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.202.15399

Malwarebytes
PUP.Optional.Sanbreel.A
v2015.03.27.07

McAfee
Program.BrowseFox.g
16.8.708.2

MicroWorld eScan
Adware.BrowseFox.CD
16.0.0.258

NANO AntiVirus
Riskware.Win32.BPlug.djpkri
0.30.8.659

nProtect
Adware.BrowseFox.CD
15.03.27.01

Panda Antivirus
Trj/CI.A
15.03.27.07

Quick Heal
Adware.Updater.A3
3.15.14.00

Reason Heuristics
PUP.Yontoo
15.3.27.7

Trend Micro House Call
TROJ_GEN.R0C1C0PCQ15
7.2.86

Trend Micro
TROJ_GEN.R0C1C0PCQ15
10.465.27

VIPRE Antivirus
Threat.4741131
38552

File size:
1 MB (1,063,152 bytes)

Product version:
1.0.5563.25489

Original file name:
FasterLight.PurBrowseG2015032622.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\faster light\bin\plugins\fasterlight.purbrowseg.dll

Digital Signature
Signed by:
Follow Rules

Authority:
VeriSign, Inc.

Valid from:
1/11/2015 1:00:00 AM

Valid to:
1/12/2016 12:59:59 AM

Subject:
CN=Follow Rules, O=Follow Rules, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
360C16AC576B09F5DFA927EA0089856F

File PE Metadata
Compilation timestamp:
3/26/2015 11:09:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:hauXzb2M4c0doAwrvE96zusOyv+iCTduqUJf5Mk:D2M4ZdqvEYzusOy8YFfuk

Entry address:
0x10378E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,054,720 bytes)

Remove fasterlight.purbrowseg.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.