KrabWeb.PurBrowseG.dll

Krab Web

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module KrabWeb.PurBrowseG.dll by Krab Web has been detected as adware by 5 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Krab Web  (signed and verified)

Version:
1.0.5401.8330

MD5:
becc20b626a53695dc08bec90d12ff44

SHA-1:
d1b2c85b70531f4e20b89cf2158180c9882e5907

SHA-256:
d4f512f7e9481c33df87eea90afd755656a8ab55ef10ac30c4ac676806525143

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 9:42:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3316 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.141019 |
| ESET NOD32 | MSIL/BrowseFox (variant) | 8.10587 |
| Malwarebytes | | v2014.10.19.04 |
| Reason Heuristics | PUP.KrabWeb.R | 14.10.19.16 |

File size:
933.2 KB (955,632 bytes)

Product version:
1.0.5401.8330

Original file name:
KrabWeb.PurBrowseG.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\krab web\bin\plugins\krabweb.purbrowseg.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/6/2014 6:00:00 PM

Valid to:
10/7/2015 5:59:59 PM

Subject:
CN=Krab Web, O=Krab Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7267FFF9DE9B65FB24D2CA9CB6A3E8F9

File PE Metadata
Compilation timestamp:
10/15/2014 6:37:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:9e99LKWN2OhIxNLMLtj39LGhazzvIskgcP3UQik2LCtr:U8WN2OhIEHc9NbKCtr

Entry address:
0xE92BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 70, 00, 00, 00, 00, 93, 0E, 00, 00, 75, 0E, 00, 52, 53, 44, 53, 6E, 90, 78, 73, 37, DA, CC, 47, 9D, 0B, EC, C5, D3, 4A, 50, 10, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 78, 69, 75, 78, 6B, 65, 62, 65, 2E, 66, 66, 61, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Entropy:
7.1749

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
925 KB (947,200 bytes)
