home

filterapp_c64.exe

TowerTilt

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application filterapp_c64.exe by TowerTilt has been detected as adware by 11 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
TowerTilt  (signed and verified)

MD5:
9adec2659ba26bc2f9c4c9f792e3a7c7

SHA-1:
b05654e42cc97df20e7e88c43758420738cb138b

SHA-256:
2b4b51c431b925005120088d8fd1848a7e3721f13449a609130b3f8af4d5e977

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 8:05:21 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.NYV
1022

Agnitum Outpost
PUA.LinkSwift
7.1.1

Bitdefender
Adware.Agent.NYV
1.0.20.540

Emsisoft Anti-Malware
Adware.Agent.NYV
8.14.04.18.07

ESET NOD32
Win64/BrowseFox
8.9614

F-Secure
Adware.Agent.NYV
11.2014-18-04_6

G Data
Adware.Agent.NYV
14.4.24

MicroWorld eScan
Adware.Agent.NYV
15.0.0.324

nProtect
Adware.Agent.NYV
14.04.03.01

Reason Heuristics
PUP.TowerTilt.N
14.4.20.21

VIPRE Antivirus
Trojan.Win32.Generic
27864

File size:
280.3 KB (287,008 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\towertilt\bin\filterapp_c64.exe

Digital Signature
Signed by:
TowerTilt

Authority:
VeriSign, Inc.

Valid from:
2/3/2014 2:00:00 PM

Valid to:
2/4/2015 1:59:59 PM

Subject:
CN=TowerTilt, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TowerTilt, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DC21B60DDFB723E55B2F05376083F29

File PE Metadata
Compilation timestamp:
2/7/2014 1:04:00 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:PTv11Hk5pY1tEZwbH4K5lkqq+hKTI/ed+u7YiTBAi0roUO:r11HniZ+51poJ7YiT2i0a

Entry address:
0x20030

Entry point:
48, 83, EC, 28, E8, 53, 77, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 7C, 24, 18, 55, 48, 8B, EC, 48, 83, EC, 60, 48, 8B, FA, 48, 8B, D9, 48, 8D, 4D, C0, 48, 8D, 15, 59, 06, 01, 00, 41, B8, 40, 00, 00, 00, E8, 8E, E4, FF, FF, 48, 8D, 55, 10, 48, 8B, CF, 48, 89, 5D, E8, 48, 89, 7D, F0, E8, 0E, 99, 00, 00, 4C, 8B, D8, 48, 89, 45, 10, 48, 89, 45, F8, 48, 85, FF, 74, 1B, F6, 07, 08, B9, 00, 40, 99, 01, 74, 05, 89, 4D, E0, EB, 0C, 8B, 45, E0, 4D, 85, DB, 0F, 44, C1, 89, 45...
 
[+]

Entropy:
6.3002

Code size:
185 KB (189,440 bytes)

Remove filterapp_c64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.