grabrezbaapp.dll

GrabRez

grabrezbaapp.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module, published by GrabRez, has been detected as adware by 24 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
GrabRez  (signed and verified)

MD5:
7c06e5b00f12d73e607b1856ef9507c3

SHA-1:
bef2f1b9f08dc765ef419f191ead0966bb8de9aa

SHA-256:
aa532f71e9e1dbedb28e55dfcc11c101f2880f6b2f7eba02c8e6363e71f21762

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 7:45:26 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SwiftBrowse.AD | 870
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | Win-PUP/Swiftbrowse.195352 | 2014.09.18
Avira AntiVirus | ADWARE/BrowseFox.Gen2 | 7.11.173.16
AVG | Webet | 2015.0.3348
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14918
Bitdefender | Adware.SwiftBrowse.AD | 1.0.20.1305
Clam AntiVirus | Win.Adware.Swiftbrowse-86 | 0.98/21411
Dr.Web | Trojan.BPlug.100 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.SwiftBrowse.AD | 8.14.09.17.08
ESET NOD32 | Win32/BrowseFox.N potentially unwanted application | 8.7.0.302.0
F-Secure | Adware.SwiftBrowse.AD | 11.2014-18-09_5
G Data | Adware.SwiftBrowse.AD | 14.9.24
herdProtect (fuzzy) | | 2014.11.22.13
IKARUS anti.virus | PUA.BrowseFox | t3scan.1.6.1.0
McAfee | Adware-BrowseFox | 5600.7004
MicroWorld eScan | Adware.SwiftBrowse.AD | 15.0.0.978
NANO AntiVirus | Riskware.Win32.Agent.dedjsz | 0.28.2.62151
nProtect | Adware.SwiftBrowse.AD | 14.08.10.01
Reason Heuristics | PUP.GrabRez.M | 14.9.17.20
Sophos | Browse Fox | 4.98
Vba32 AntiVirus | AdWare.Agent | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 31208
Zillya! Antivirus | Adware.Kranet.Win32.76 | 2.0.0.1926

File size:
190.8 KB (195,352 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\grabrez\bin\grabrezbaapp.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 6:00:00 PM

Valid to:
11/27/2014 5:59:59 PM

Subject:
CN=GrabRez, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GrabRez, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
63321F6F4FC45CBD2C4E1616655D18DB

File PE Metadata
Compilation timestamp:
7/24/2014 2:25:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:m3A11Je0OVsR00frsTbnFe/UpM1qLZ+GQ+1m2E/TJL9QbPa5jxpVl:m3Qa0lOnFe/+pZ+G/1m2cTzQbCJjVl

Entry address:
0x11CBD

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 71, 7C, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, D0, 45, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 34, 40, 02, 10, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64...

Entropy:
6.5540

Code size:
140 KB (143,360 bytes)
