holdpage.browseradapter.exe

middle pages

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application holdpage.browseradapter.exe by middle pages has been detected as adware by 24 anti-malware scanners. It plugs into the web browser and displays context-based advertisements, either overwriting existing ads or inserting new ones on various web pages.
Publisher:
middle pages  (signed and verified)

MD5:
9b41ada12ce164e6d19a544d3e15f73a

SHA-1:
d17edfa9a06b246a46fa032088c5844cf3a6139a

SHA-256:
da12d78993efecd5a5e8cf850a20240a7d62fc70a4ebce1f05a2e740c9a5d6f0

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/7/2024 7:55:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.BrowseFox.AL | 734 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.206.52 |
| AVG | Generic | 2016.0.3212 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1521 |
| Bitdefender | Adware.BrowseFox.AL | 1.0.20.160 |
| Clam AntiVirus | Win.Adware.Swiftbrowse-1009 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.BrowseFox.FX | 20904 |
| Dr.Web | Trojan.Yontoo.495 | 9.0.1.032 |
| Emsisoft Anti-Malware | Adware.BrowseFox.AL | 8.15.02.01.05 |
| ESET NOD32 | Win32/BrowseFox.AC potentially unwanted (variant) | 9.11101 |
| Fortinet FortiGate | Riskware/BrowseFox | 2/1/2015 |
| F-Prot | W32/S-4e584d77 | v6.4.7.1.166 |
| F-Secure | Adware.BrowseFox.AL | 11.2015-01-02_1 |
| G Data | Adware.BrowseFox.AL | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14817 |
| McAfee | Artemis!9B41ADA12CE1 | 5600.6868 |
| MicroWorld eScan | Adware.BrowseFox.AL | 16.0.0.96 |
| NANO AntiVirus | Riskware.Win32.BrowseFox.dmmpgu | 0.30.0.65070 |
| nProtect | Adware.BrowseFox.AL | 15.01.30.01 |
| Reason Heuristics | PUP.Yontoo | 15.2.1.5 |
| Sophos | Generic PUA NB | 4.98 |
| VIPRE Antivirus | Yontoo | 37114 |
| Zillya! Antivirus | Adware.Agent.Win32.38198 | 2.0.0.2049 |

File size:
101.7 KB (104,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hold page\bin\holdpage.browseradapter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 1:00:00 AM

Valid to:
10/3/2015 12:59:59 AM

Subject:
CN=middle pages, O=middle pages, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01FD540333A96486522A2EDFD3C2E0B3

File PE Metadata
Compilation timestamp:
1/21/2015 11:25:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:8jblMH9claS0FXifDauLnE/x3+k+enMByiO2:ybIWcS0FSfD54tuyiO2

Entry address:
0x4275

Entry point:
E8, C5, 21, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, F3, 05, 00, 00, 3B, 0D, 70, 60, 41, 00, 75, 02, F3, C3, E9, 41, 22, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 44, 23, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 8A, 07, 00, 00, 59, 85, C0, 74, E6, C9, C3, F6, 05, D8, 74, 41, 00, 01, BF, CC, 74, 41, 00, BE, 1C, 22, 41, 00, 75, 2C, 83, 0D, D8, 74, 41, 00, 01, 6A, 01, 8D, 45, FC, 50, 8B, CF, C7, 45, FC, 24, 22, 41, 00, E8, 2C, 00, 00, 00, 68, 7E, 13, 41, 00, 89, 35, CC...
 

Entropy:
6.4061

Code size:
65 KB (66,560 bytes)
