grassmow.IEUpdate.dll

grassmow

This is the Internet Explorer add-on for the Yontoo grassmow branded web browser plugin (injects banner, text-link and popup ads). The component is responsible for registering the Browser Helper Object into IE and keeping it registered. The module grassmow.IEUpdate.dll by grassmow has been detected as adware by 8 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

Publisher:
grassmow  (signed and verified)

Version:
1.0.5387.17718

MD5:
bb11e9827c713d0653016df7fdbe72d5

SHA-1:
47dead0dc95f52ca127aaa42b27197a9be07a0da

SHA-256:
3a032c66116d88cb2f6b2662fb6210a414d89fc3e8c255f8a6f31eefd3fe31de

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser add-on for Internet Explorer.

Analysis date:
4/26/2024 5:36:38 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.176.28 |
| AVG | Generic | 2015.0.3334 |
| ESET NOD32 | MSIL/BrowseFox.G potentially unwanted application | 7.0.302.0 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.3163 |
| Malwarebytes | | v2014.10.02.08 |
| McAfee | BrowseFox.a | 5600.6990 |
| Reason Heuristics | Adware.Yontoo.grassmow.Q | 14.10.2.8 |
| VIPRE Antivirus | Threat.4741131 | 33520 |

File size:
533.3 KB (546,080 bytes)

Product version:
1.0.5387.17718

Original file name:
grassmow.IEUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\grassmow\bin\plugins\grassmow.ieupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 1:00:00 AM

Valid to:
4/30/2015 12:59:59 AM

Subject:
CN=grassmow, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=grassmow, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
46F979858F2F3241487CBA3EF684BAE8

File PE Metadata
Compilation timestamp:
10/1/2014 11:50:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:TRf/7rrTQUjmbtnoU/poaI8+sRlZzjqfKSEJ:TBAVtoU/pwDjKjJ

Entry address:
0x85266

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8686

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
525 KB (537,600 bytes)
