» glindorus.expext.exe
Overview
Analysis
File Details

glindorus.expext.exe

glindorus

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application glindorus.expext.exe by glindorus has been detected as adware by 17 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

glindorus (signed and verified)

Version:

1.0.5442.37494

MD5:

4251e17db28508415513690ba8417ba3

SHA-1:

c2654a2a0b7be4ade6e259225353241736eb77fc

SHA-256:

d54523cd531a2dc1905d263ba740812dceaa5944d14eb69c76086f1b79a42d79

Scanner detections:

17 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/26/2024 9:27:39 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.SwiftBrowse.CO

799

AhnLab V3 Security

Win-PUP/BrowseFox.Gen

2014.11.28

Avira AntiVirus

Adware/BrowseFox.aos

7.11.189.64

AVG

Skodna.glindorus

2015.0.3277

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.141128

Bitdefender

Adware.SwiftBrowse.CO

1.0.20.1660

Emsisoft Anti-Malware

Adware.SwiftBrowse.CO

9.0.0.4570

ESET NOD32

Win64/BrowseFox.G potentially unwanted application

8.7.0.302.0

F-Secure

Adware.SwiftBrowse.CO

11.2014-28-11_6

G Data

Adware.SwiftBrowse.CO

14.11.24

IKARUS anti.virus

PUA.BrowseFox

t3scan.1.8.3.0

K7 AntiVirus

Trojan

13.186.14161

MicroWorld eScan

Adware.SwiftBrowse.CO

15.0.0.996

nProtect

Adware.SwiftBrowse.CO

14.11.27.01

Reason Heuristics

PUP.glindorus.P

14.11.28.0

Sophos

Browse Fox

4.98

VIPRE Antivirus

Threat.5061968

35088

File size:

99.3 KB (101,664 bytes)

Product version:

1.0.5442.37494

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\glindorus\bin\glindorus.expext.exe

Digital Signature

Signed by:

glindorus

Authority:

VeriSign, Inc.

Valid from:

9/19/2013 8:00:00 AM

Valid to:

9/20/2015 7:59:59 AM

Subject:

CN=glindorus, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=glindorus, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

38CA8426D3AC22743D3790B6CAB486B4

File PE Metadata

Compilation timestamp:

11/28/2014 1:53:50 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:kB61AHhYfg0e+t/gEWGnadKCxXfPWK6tHEkqnMB9uotSVgMRwJ:jchYTei7YxXf+K69RtSVgyw

Entry address:

0x561E

Entry point:

E8, AB, 3C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 64, 7F, 41, 00, FF, 15, 4C, 20, 41, 00, 85, C0, 75, 18, 56, E8, 2F, 08, 00, 00, 8B, F0, FF, 15, 68, 20, 41, 00, 50, E8, DF, 07, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, C0, 91, 41, 00, 00, 74, 05, E9, CD, 3C, 00, 00, 57, 8B... 
[+]

Entropy:

6.4312

Code size:

65.5 KB (67,072 bytes)

Remove glindorus.expext.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.