home

holdpage.gcupdate.dll

middle pages

This is the Google Chrome extension manager/updater for the Yontoo middle pages branded web browser plugin which injects banners, text-link and popup ads in the Chorme browser. The module holdpage.gcupdate.dll by middle pages has been detected as adware by 15 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
middle pages  (signed and verified)

Version:
1.0.5469.2828

MD5:
043940b690374ff740ec865868e18083

SHA-1:
944dba9fc59209aa329ac89ceb6a2577594a60dc

SHA-256:
683661190d88d4ab9a4ed397467a1b7d0287b31de961f18a2e7f860fb2b4b1c9

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser extension for Chrome.

Analysis date:
4/26/2024 2:24:06 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.AL
6213306

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.197.30

AVG
Generic
2015.0.3253

Bitdefender
Adware.BrowseFox.AL
1.0.20.1780

Emsisoft Anti-Malware
Adware.BrowseFox.AL
9.0.0.4668

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Secure
Adware.BrowseFox.AL
5.13.68

G Data
Adware.BrowseFox.AL
14.12.24

IKARUS anti.virus
PUA.MSIL.BrowseFox
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.188.14410

MicroWorld eScan
Adware.BrowseFox.AL
15.0.0.1068

Norman
Adware.BrowseFox.AL
04.12.2014 14:30:06

nProtect
Adware.BrowseFox.AL
14.12.22.01

Reason Heuristics
Adware.Yontoo.middlepages
15.1.12.11

VIPRE Antivirus
Threat.4741131
35418

File size:
1.6 MB (1,648,880 bytes)

Product version:
1.0.5469.2828

Original file name:
HoldPage.GCUpdate2014122209.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\hold page\bin\plugins\holdpage.gcupdate.dll

Digital Signature
Signed by:
middle pages

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 2:00:00 AM

Valid to:
10/3/2015 1:59:59 AM

Subject:
CN=middle pages, O=middle pages, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01FD540333A96486522A2EDFD3C2E0B3

File PE Metadata
Compilation timestamp:
12/22/2014 10:34:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:Y69LtOoST2IFHMzD4V21PUBc573IsnbabNaZgOT39IJD7ICp2ZLa3udFWJUiEIk4:f9LteaZg2wnIu3+dFiCha/GE5

Entry address:
0x1925EA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.3195

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.6 MB (1,640,448 bytes)

Remove holdpage.gcupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.