home

GreenerWebBrowserFilter.exe

Greener Web

Installed as part of the Yontoo Greener Web branded web browser extension, the BrowserFilter component is responsible for injecting advertising in the browser based on the context of the HTML being rendered. Ads are injected in the browser in the form of inline text, coupons, multi-site searching and additional offers. The application GreenerWebBrowserFilter.exe by Greener Web has been detected as adware by 14 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Greener Web  (signed and verified)

Version:
0.0.0.0

MD5:
f526ce6df2a2251c9de8a0adcbcdf25d

SHA-1:
844e47fa6308a3c20d67576792d1ec4908a50f96

SHA-256:
553228b08c69348ac5ce56c33e7d0acefc5a3226e622d670c2d13f81d0ec0a23

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/27/2024 4:13:08 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.AM
832

avast!
Win32:BrowseFox-CG [PUP]
141025-0

AVG
Greenerweb
2015.0.3310

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.141025

Bitdefender
Adware.SwiftBrowse.AM
1.0.20.1490

Emsisoft Anti-Malware
Adware.SwiftBrowse.AM
14.10.25

ESET NOD32
Win64/BrowseFox.AC (variant)
8.10620

F-Secure
Adware.SwiftBrowse.AM
11.2014-25-10_7

G Data
Adware.SwiftBrowse.AM
14.10.24

Malwarebytes
PUP.Optional.Sanbreel.A
v2014.10.25.07

MicroWorld eScan
Adware.SwiftBrowse.AM
15.0.0.894

nProtect
Adware.SwiftBrowse.AM
14.10.24.01

Reason Heuristics
PUP.GreenerWeb.X
14.10.25.19

VIPRE Antivirus
Threat.4741131
34232

File size:
35.3 KB (36,128 bytes)

Product version:
0.0.0.0

Original file name:
GreenerWebBrowserFilter.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\Program Files\greener web\bin\greenerwebbrowserfilter.exe

Digital Signature
Signed by:
Greener Web

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 3:00:00 AM

Valid to:
4/23/2015 2:59:59 AM

Subject:
CN=Greener Web, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Greener Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE1591EB6D76718ADCE211DFB4D195B

File PE Metadata
Compilation timestamp:
10/25/2014 1:14:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:mdNGAExXDOj7oZ7EWyRsBhG8H8WhWAK5HQbxdaEq5:mdNYaj7oiRsXG8HvhWAK5HIxy

Entry address:
0x88DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 70, 00, 00, 00, 20, 89, 00, 00, 20, 6B, 00, 00, 52, 53, 44, 53, 8D, 05, ED, 46, DF, 37, 7D, 4D, 81, E9, B2, 56, 33, AC, 8E, 08, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 33, 6C, 79, 65, 30, 6D, 34, 34, 2E, 76, 35, 69, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 42, 72, 6F, 77...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
26.5 KB (27,136 bytes)

Remove GreenerWebBrowserFilter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.