holdpage.boashelper.exe

middle pages

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application holdpage.boashelper.exe by middle pages has been detected as adware by 24 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
middle pages  (signed and verified)

MD5:
e8b6258de4df7ae808a64f5a447deb24

SHA-1:
4b0d61bc65f18f2a1ac24c4912b48e22c28e979e

SHA-256:
fe568ace01e0188bdf36da7e3eabf6dd5818b53fa101f294823b6b1e51add1f6

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 3:32:23 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.AL | 778
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.BrowseFox | 2014.12.19
Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.196.160
AVG | Generic | 2015.0.3256
Bitdefender | Adware.BrowseFox.AL | 1.0.20.1765
Comodo Security | Application.Win32.AltBrowse.ISPI | 20412
Dr.Web | Trojan.BPlug.297 | 9.0.1.0353
Emsisoft Anti-Malware | Adware.BrowseFox.AL | 8.14.12.19.03
ESET NOD32 | Win32/BrowseFox (variant) | 8.10900
Fortinet FortiGate | Riskware/BrowseFox | 12/19/2014
F-Prot | W32/S-737fdba0 | v6.4.7.1.166
F-Secure | Adware.BrowseFox.AL | 11.2014-19-12_6
G Data | Adware.BrowseFox.AL | 14.12.24
McAfee | Artemis!E8B6258DE4DF | 5600.6912
MicroWorld eScan | Adware.BrowseFox.AL | 15.0.0.1059
NANO AntiVirus | Riskware.Win32.BrowseFox.dguede | 0.28.6.64267
nProtect | Adware.BrowseFox.AL | 14.12.18.01
Reason Heuristics | PUP.middlepages | 15.1.12.11
Sophos | Generic PUA EL | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1218 | 7.2.353
Vba32 AntiVirus | AdWare.Win64.BrowseFox | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 35856
Zillya! Antivirus | Trojan.Black.Win32.19976 | 2.0.0.2008

File size:
1.6 MB (1,649,904 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hold page\bin\holdpage.boashelper.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 3:00:00 AM

Valid to:
10/3/2015 2:59:59 AM

Subject:
CN=middle pages, O=middle pages, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01FD540333A96486522A2EDFD3C2E0B3

File PE Metadata
Compilation timestamp:
12/18/2014 2:45:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:fFwpANimT7SU5fyW4II6CNKIsLnm2nFXtGu5OqXzppnfavDX8/:FiKSUYW4ItCNKIsLnmcF9BXtpnfaTa

Entry address:
0xF6B5B

Entry point:
E8, CC, 84, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, E1, 56, 00, 00, 75, 18, E8, F8, 77, 00, 00, 6A, 1E, E8, 42, 76, 00, 00, 68, FF, 00, 00, 00, E8, 81, 28, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 94, E1, 56, 00, FF, 15, 2C, F2, 51, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, E0, E9, 56, 00, 74, 0D, 53, E8, 0F, 85, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 47, 0C, 00, 00, 89, 30, E8, 40, 0C, 00, 00, 89...
Entropy:
6.4162

Code size:
1.1 MB (1,171,456 bytes)
