home

jumpflip.purbrowse.dll

Jump Flip

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module jumpflip.purbrowse.dll by Jump Flip has been detected as adware by 17 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Jump Flip  (signed and verified)

Version:
1.0.5507.22625

MD5:
89e4d78019dd02f63824632e1dfaee45

SHA-1:
908b45cf07154639f9ce84e51d723e5cb1dfc43b

SHA-256:
589560620236d543f8385874ecda461c3e8e7f0903aae9bb284f218ff5e84999

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 8:06:56 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.BJ
6480224

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.205.236

avast!
Win32:BrowseFox-DZ [PUP]
150126-0

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15129

Bitdefender
Adware.BrowseFox.BJ
1.0.20.145

Emsisoft Anti-Malware
Adware.BrowseFox.BJ
9.0.0.4799

ESET NOD32
MSIL/BrowseFox.L potentially unwanted application
7.0.302.0

F-Prot
W32/S-cfdb2970
v6.4.7.1.166

F-Secure
Adware.BrowseFox.BJ
5.13.68

G Data
Adware.BrowseFox.BJ
15.1.25

K7 AntiVirus
Unwanted-Program
13.193.14803

Malwarebytes
PUP.Optional.Sanbreel.A
v2015.01.29.10

McAfee
BrowseFox-FUT
5600.6870

MicroWorld eScan
Adware.BrowseFox.BJ
16.0.0.87

nProtect
Adware.BrowseFox.BJ
15.01.29.01

Reason Heuristics
Adware.Yontoo.JumpFlip
15.1.29.21

VIPRE Antivirus
Threat.4741131
36666

File size:
937.3 KB (959,776 bytes)

Product version:
1.0.5507.22625

Original file name:
JumpFlip.PurBrowse2015012920.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\jump flip\bin\plugins\jumpflip.purbrowse.dll

Digital Signature
Signed by:
Jump Flip

Authority:
VeriSign, Inc.

Valid from:
8/21/2013 7:00:00 PM

Valid to:
8/22/2015 6:59:59 PM

Subject:
CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata
Compilation timestamp:
1/29/2015 2:34:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:c/RMsp/ea/C23eg2DHf23H1KIxctaB7aBQp:oMG/eaUDD/YUIKtaBGBQp

Entry address:
0xEA246

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.1715

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
929 KB (951,296 bytes)

Remove jumpflip.purbrowse.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.