webget.purbrowse64.exe

webget

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application webget.purbrowse64.exe by webget has been detected as adware by 19 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
webget  (signed and verified)

MD5:
26647e28eed9b7a287f9a724669c62aa

SHA-1:
dc84248755fc3974655360d8eb0412d476c5cad3

SHA-256:
fb36730f53c183d3f216186fe861f4362dc5ed16ee6b3f78bed4b5772db4178c

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/16/2024 8:44:54 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SwiftBrowse.AM | 921 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Adware/Win64.Browsefox | 2014.07.29 |
| AVG | BrowseFox.A | 2015.0.3399 |
| Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.14729 |
| Bitdefender | Adware.SwiftBrowse.AM | 1.0.20.1050 |
| Dr.Web | Trojan.BPlug.100 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.AM | 8.14.07.29.05 |
| ESET NOD32 | Win64/BrowseFox (variant) | 8.10044 |
| F-Secure | Adware.SwiftBrowse.AM | 11.2014-29-07_3 |
| G Data | Adware.SwiftBrowse.AM | 14.7.24 |
| IKARUS anti.virus | PUA.BrowseFox | t3scan.1.6.1.0 |
| McAfee | Artemis!26647E28EED9 | 5600.7055 |
| MicroWorld eScan | Adware.SwiftBrowse.AM | 15.0.0.630 |
| nProtect | Adware.SwiftBrowse.AD | 14.07.28.01 |
| Reason Heuristics | PUP.webget.R | 14.7.29.4 |
| Sophos | Browse Fox | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30948 |

File size:
280.3 KB (287,000 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\webget\bin\webget.purbrowse64.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 2:00:00 AM

Valid to:
4/23/2015 1:59:59 AM

Subject:
CN=webget, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=webget, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2DDF0A91A7D2108F978BEB26D4734BBA

File PE Metadata
Compilation timestamp:
7/3/2014 9:12:54 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:VoZk/KUcMPY18Ou41b4pPyK4j/TTl0yhv3Q7YTTBdZg1ga3Nz:VYk/KUgluPPCxXo7YTTfZs3p

Entry address:
0x201A0

Entry point:
48, 83, EC, 28, E8, 53, 77, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 7C, 24, 18, 55, 48, 8B, EC, 48, 83, EC, 60, 48, 8B, FA, 48, 8B, D9, 48, 8D, 4D, C0, 48, 8D, 15, E9, 04, 01, 00, 41, B8, 40, 00, 00, 00, E8, 8E, E4, FF, FF, 48, 8D, 55, 10, 48, 8B, CF, 48, 89, 5D, E8, 48, 89, 7D, F0, E8, 0E, 99, 00, 00, 4C, 8B, D8, 48, 89, 45, 10, 48, 89, 45, F8, 48, 85, FF, 74, 1B, F6, 07, 08, B9, 00, 40, 99, 01, 74, 05, 89, 4D, E0, EB, 0C, 8B, 45, E0, 4D, 85, DB, 0F, 44, C1, 89, 45...
 

Code size:
185 KB (189,440 bytes)
