KlipPal.IEUpdate.dll

Klip Pal

This is the Internet Explorer add-on for the Yontoo Klip Pal branded web browser plugin (injects banner, text-link and popup ads). The component is responsible for registering the Browser Helper Object in IE and keeping it registered. The module KlipPal.IEUpdate.dll by Klip Pal has been detected as adware by 8 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Klip Pal  (signed and verified)

Version:
1.0.5414.17760

MD5:
db605867609325de42605a81dafd098d

SHA-1:
4e906ed03fd664f46a4e1d88084a590b7ad36e5d

SHA-256:
4695ce892126f9d66762faef317552a6166fbfa6f7d3b916e2566da985ef0c98

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser add-on for Internet Explorer.

Analysis date:
4/25/2024 11:19:50 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.182.78
AVG | Generic | 2015.0.3306
Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.141030
ESET NOD32 | Win64/BrowseFox (variant) | 8.10644
F-Prot | W32/A-44ec90a9 | v6.4.7.1.166
Malwarebytes | | v2014.10.30.10
Reason Heuristics | Adware.Yontoo.KlipPal.P | 14.10.28.19
VIPRE Antivirus | Threat.4741131 | 34232

File size:
654.7 KB (670,448 bytes)

Product version:
1.0.5414.17760

Original file name:
KlipPal.IEUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\klip pal\bin\plugins\klippal.ieupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/4/2014 7:00:00 PM

Valid to:
8/5/2015 6:59:59 PM

Subject:
CN=Klip Pal, O=Klip Pal, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59A8A4CF2048A90F9AE8754A98A645E4

File PE Metadata
Compilation timestamp:
10/28/2014 12:52:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:yt+k7vXS4Y3QwBdKk3TT5fY6TmVjhhmi9rRjF9jnj/PGosIPjxJU5h6bAmwm8QP:y8QvfY3hdKKTT5fLKV+i9rRjbf/EIPld

Entry address:
0xA393A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 6C, 00, 00, 00, 7C, 39, 0A, 00, 7C, 1B, 0A, 00, 52, 53, 44, 53, 95, 32, B8, D7, 2B, 5D, 9D, 4C, 81, F7, 6B, 42, 23, 74, 7D, 04, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 32, 74, 65, 79, 78, 6B, 67, 78, 2E, 73, 34, 7A, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Entropy:
7.8280

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
646.5 KB (662,016 bytes)
