home

gatesnapper.dll

gate snapper

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module gatesnapper.dll by gate snapper has been detected as adware by 39 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install-cdn.gatesnapper.com and multiple other hosts.
Publisher:
gate snapper  (signed and verified)

Product:
gate snapper

Version:
1.0.0.7

MD5:
120780cd5304ba285aca1e7a62eb33b9

SHA-1:
3a7761ba8eca6c22ddd3dd75590e968fe6c1aafa

SHA-256:
e9410d7cd0d3ae0b7867658f443aff21f705a843dd1a79197a83905aa0ad9e44

Scanner detections:
39 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
6/18/2024 9:37:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.CY
561

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.05.31

Avira AntiVirus
ADWARE/BrowseFox.Gen2
8.3.1.6

avast!
MSIL:BrowseFox-BE [PUP]
2014.9-150724

AVG
AdPlugin
2016.0.3039

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15724

Bitdefender
Adware.BrowseFox.CY
1.0.20.1025

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Browsefox-536
0.98/21511

Comodo Security
Application.Win32.BrowseFox.JM
20858

Dr.Web
Trojan.Yontoo.1734
9.0.1.0205

Emsisoft Anti-Malware
Gen:Variant.Mikey.11547
8.15.07.24.12

ESET NOD32
Win32/BrowseFox.AE potentially unwanted (variant)
9.11711

Fortinet FortiGate
Riskware/BrowseFox
7/24/2015

F-Prot
W32/S-9c4b2ea6
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.BHO.Agent.4
11.2015-24-07_6

G Data
Adware.BrowseFox.CY
15.7.25

herdProtect (fuzzy)
variant of gatesnapperbho.dll (Adware)
2015.8.25.2

IKARUS anti.virus
PUA.BrowseFox
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.204.16087

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1690

Malwarebytes
PUP.Optional.GateSnapper.A
v2015.07.24.12

McAfee
Artemis!F3F6C437852D
5600.6695

MicroWorld eScan
Adware.BrowseFox.CY
16.0.0.615

NANO AntiVirus
Trojan.Win32.Yontoo.dnkubo
0.30.24.1636

nProtect
Adware.BrowseFox.CY
15.05.29.01

Panda Antivirus
PUP/BrowserFox
15.07.24.12

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.MSJDGBTIR.OD5
7.15.14.00

Reason Heuristics
PUP.Yontoo.gatesnapper (M)
15.7.24.0

Rising Antivirus
PE:Adware.BrowseFox!6.1D8B
23.00.65.15722

Sophos
Generic PUA CN
4.98

SUPERAntiSpyware
Adware.BrowseFox/Variant
9735

Trend Micro House Call
TROJ_GEN.R047C0ODJ15
7.2.205

Trend Micro
TROJ_GEN.R047C0ODJ15
10.465.24

Vba32 AntiVirus
AdWare.MSIL.Agent
3.12.26.4

VIPRE Antivirus
Yontoo
40712

Zillya! Antivirus
Adware.Agent.Win32.9402
2.0.0.1850

File size:
262.7 KB (269,048 bytes)

Product version:
1.0.0.7

Copyright:
(c) gate snapper. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\gatesnapper.dll

Digital Signature
Signed by:
gate snapper

Authority:
VeriSign, Inc.

Valid from:
11/19/2014 4:00:00 PM

Valid to:
11/20/2015 3:59:59 PM

Subject:
CN=gate snapper, O=gate snapper, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
133A7A0373BA5F8F11B450D044B92146

File PE Metadata
Compilation timestamp:
2/15/2015 6:58:33 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:NmiYckxqEbUViVqUsVNXBB+/nFK3wY+lx9ZKTqhKjWcE21:NmiYckziiVMrXFdI9ZFYdv

Entry address:
0xF515

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.0738

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file gatesnapper.dll has been seen being distributed by the following 2 URLs.

http://install-cdn.gatesnapper.com/bed?r=2015021607&bet=3

http://install-cdn.gatesnapper.com/bed?r=2015021622&bet=3

Remove gatesnapper.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.