greygraybaapp.dll

GreyGray

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module greygraybaapp.dll by GreyGray has been detected as adware by 25 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Remove greygraybaapp.dll - Powered by Reason Core Security
Publisher:
GreyGray  (signed and verified)

MD5:
7d500cf87a7811b39dbd760b703c0623

SHA-1:
895a8777748e9685e144d6b34660f1d91200e8a0

SHA-256:
5fa12d8ec0da352d8b4f9c9d4a8b197a6bd84bbeb7b51dfdf846178184ff503a

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/4/2016 11:39:25 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.P | 969 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | APPL/BrowseFox.Gen | 7.11.154.66 |
| Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/Win32.Agent | 1.0.0.1 |
| AVG | GreyGray | 2015.0.3447 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14610 |
| Bitdefender | Adware.SwiftBrowse.P | 1.0.20.805 |
| Comodo Security | Application.Win32.AltBrowse.AKB | 18503 |
| Dr.Web | Trojan.BPlug.79 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.P | 8.14.06.10.07 |
| ESET NOD32 | Win32/BrowseFox.I potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/MegaBrowse.A | 4.6.5.141 |
| F-Secure | Adware.SwiftBrowse.P | 11.2014-10-06_3 |
| G Data | Adware.SwiftBrowse | 14.6.24 |
| Jiangmin | Adware/Agent.ksh | KV140610 |
| Kingsoft AntiVirus | Win32.Troj.SwiftBrowse.P.(kcloud) | 331020.49267 |
| McAfee | Artemis!7D500CF87A78 | 5600.7103 |
| McAfee Web Gateway | Artemis!7D500CF87A78 | 7.7103 |
| MicroWorld eScan | Adware.SwiftBrowse.P | 15.0.0.483 |
| NANO AntiVirus | Riskware.Win32.Agent.czxzwg | 0.28.0.60253 |
| nProtect | Adware.SwiftBrowse.P | 14.06.10.01 |
| Reason Heuristics | PUP.GreyGray.N | 14.8.7.20 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dedipros | 10551 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.0 |
| VIPRE Antivirus | Threat.4150696 | 30086 |

File size:
179.3 KB (183,576 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\greygray\bin\greygraybaapp.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/19/2013 1:00:00 AM

Valid to:
9/20/2015 12:59:59 AM

Subject:
CN=GreyGray, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GreyGray, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
23FF62A16C638B371A4AB98A8F876E8B

File PE Metadata
Compilation timestamp:
4/30/2014 12:20:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:G0iHuOPsHW1DezTNt9mVbBoi0+DYCzLAnbLDQ6pCO+uE8uMo:G0EgzTNSdui0+Udn/DQ6IOvE8uH

Entry address:
0xF6DC

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 48, 75, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, A0, 25, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 18, 20, 02, 10, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, D8, 20, 02, 10, 57, FF, 35...
 

Code size:
129.5 KB (132,608 bytes)
