grabrez.browserfilter.helper.dll

GrabRez

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module grabrez.browserfilter.helper.dll by GrabRez has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program GrabRez by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
GrabRez  (signed and verified)

MD5:
955e9d0fcfdbe8d431308271ed23a11c

SHA-1:
f2091fe9d4ac3948e2fac34db7ed2890ebad9286

SHA-256:
c07dfcf15dba1cce2a7adae58825b038bda06f471628751895c0e0abf5af494a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/23/2024 8:14:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo.GrabRez (M)

Engine version:
16.2.6.8

File size:
388.8 KB (398,104 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\grabrez\grabrez.browserfilter.helper.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/27/2013 5:30:00 AM

Valid to:
11/28/2014 5:29:59 AM

Subject:
CN=GrabRez, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GrabRez, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
63321F6F4FC45CBD2C4E1616655D18DB

File PE Metadata
Compilation timestamp:
2/14/2014 10:57:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:9RLdBzWsg2wx/LuLK4Sce91SsFbGMG+/zxpzwU/NO554mWLIjM0O4Asi7HgfO:nLdHsLe/aJxGMGuxpR1OoSbOcCHSO

Entry address:
0x1A2DA

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F5, 61, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 40, D4, 05, 10, 89, 0D, 3C, D4, 05, 10, 89, 15, 38, D4, 05, 10, 89, 1D, 34, D4, 05, 10, 89, 35, 30, D4, 05, 10, 89, 3D, 2C, D4, 05, 10, 66, 8C, 15, 58, D4, 05, 10, 66, 8C, 0D, 4C, D4, 05, 10, 66, 8C, 1D, 28, D4, 05, 10, 66, 8C, 05, 24, D4, 05, 10, 66, 8C, 25, 20, D4, 05, 10, 66, 8C, 2D, 1C, D4, 05, 10, 9C, 8F, 05, 50, D4...
 

Entropy:
4.9091

Code size:
174 KB (178,176 bytes)

The file grabrez.browserfilter.helper.dll has been discovered within the following program.

GrabRez  by Yontoo Technology, Inc.
GrabRez is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
grabmyrez.co/support
83% remove it
 