holdpage.gcupdate.dll

middle pages

This is the Google Chrome extension manager/updater for the Yontoo-distributed, middle pages-branded web browser plugin, which injects banner, text-link and popup ads into the Chrome browser. The module holdpage.gcupdate.dll by middle pages has been detected as adware by 18 anti-malware scanners. It plugs into the web browser and displays context-based advertisements on various web pages by overwriting existing ads or by inserting new ones.
Publisher:
middle pages (signed and verified)

Version:
1.0.5484.35442

MD5:
b59289f8fc92b7aafe3825c5c4ab9836

SHA-1:
fd74a504e91cc644744f19ac3e5b91829d1c1800

SHA-256:
600e268df7e1b3be70b48a387dcb880fbae7e161d273011e97220293247ad2d0

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser extension for Chrome.

Analysis date:
4/25/2024 10:30:12 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.AL | 736
Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.203.36
AVG | Generic | 2016.0.3214
Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.15130
Bitdefender | Adware.BrowseFox.AL | 1.0.20.150
Emsisoft Anti-Malware | Adware.BrowseFox.AL | 8.15.01.30.11
ESET NOD32 | MSIL/BrowseFox (variant) | 9.11040
F-Prot | W32/S-ff9e4c4a | v6.4.7.1.166
F-Secure | Adware.BrowseFox.AL | 11.2015-30-01_6
G Data | Adware.BrowseFox.AL | 15.1.24
K7 AntiVirus | Unwanted-Program | 13.191.14689
McAfee | BrowseFox.g | 5600.6870
MicroWorld eScan | Adware.BrowseFox.AL | 16.0.0.90
nProtect | Adware.BrowseFox.AL | 15.01.19.01
Qihoo 360 Security | HEUR/QVM23.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | Adware.Yontoo.middlepages | 15.1.30.11
Sophos | Generic PUA PN | 4.98
VIPRE Antivirus | Yontoo | 36802

File size:
1.6 MB (1,648,368 bytes)

Product version:
1.0.5484.35442

Original file name:
HoldPage.GCUpdate2015010703.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\hold page\bin\plugins\holdpage.gcupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/6/2014 6:00:00 PM

Valid to:
10/2/2015 5:59:59 PM

Subject:
CN=middle pages, O=middle pages, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01FD540333A96486522A2EDFD3C2E0B3

File PE Metadata
Compilation timestamp:
1/6/2015 9:41:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:VA1SrsEbB1cAAGSxRpQwOdqIjHPgHZScETqN7:VA1vrGSxLwqIE5SHTo7

Entry address:
0x1925B6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00...

Entropy:
7.3221

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.6 MB (1,639,936 bytes)

Remove holdpage.gcupdate.dll - Powered by Reason Core Security