» maintainer.exe
Overview
Analysis
File Details
Behaviors (1)

maintainer.exe

EnterDigital

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application maintainer.exe by EnterDigital has been detected as adware by 31 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “MaintainerSvc6.37.565328”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

maintainer.exe

Publisher:

EnterDigital (signed and verified)

Version:

1.0.5578.32414

MD5:

c2c8ae16b8b1f4647f69c476f111da98

SHA-1:

be65f3de2ea86e9675df1d7f2335d271f6c46528

SHA-256:

184b451e231038f598b2f8ce678e453054a5fd4f307568ff3d00b0dab4913ab3

Scanner detections:

31 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/30/2024 9:36:40 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.SwiftBrowse.CR

665

Agnitum Outpost

PUA.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.BrowseFox

2015.04.11

Avira AntiVirus

ADWARE/BrowseFox.aoj

3.6.1.96

avast!

Win32:BrowseFox-EU [PUP]

2014.9-150411

AVG

Adware AdPlugin

2016.0.3143

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.15411

Bitdefender

Adware.SwiftBrowse.CR

1.0.20.505

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Agent-41785

0.98/20425

Dr.Web

Trojan.Yontoo.1734

9.0.1.0101

Emsisoft Anti-Malware

Adware.SwiftBrowse.CR

8.15.04.11.01

ESET NOD32

Win32/BrowseFox.V potentially unwanted application

9.7.0.302.0

F-Prot

W32/S-11fc74d1

v6.4.7.1.166

F-Secure

Adware.SwiftBrowse.CR

11.2015-11-04_7

G Data

Adware.SwiftBrowse.CR

15.4.25

herdProtect (fuzzy)

variant of maintainer.bak (Adware)

2015.7.13.16

IKARUS anti.virus

PUA.BrowseFox

t3scan.1.8.9.0

K7 AntiVirus

Unwanted-Program

13.202.15557

Kaspersky

not-a-virus:AdWare.Win64.Agent

15.0.0.543

Malwarebytes

PUP.Optional.Browsefox

v2015.04.11.01

McAfee

Program.BrowseFox-FXS

5600.6705

MicroWorld eScan

Adware.SwiftBrowse.CR

16.0.0.303

NANO AntiVirus

Trojan.Win32.Yontoo.dpmcsm

0.30.10.952

Norman

Adware.SwiftBrowse.CR

11.20150411

nProtect

Adware.SwiftBrowse.CR

15.04.10.01

Reason Heuristics

PUP.Service.EnterDigital

15.4.10.21

Sophos

PUA 'Browse Fox'

5.12

Vba32 AntiVirus

AdWare.SwiftBrowse

3.12.26.3

VIPRE Antivirus

Threat.4741131

39486

Zillya! Antivirus

Adware.Agent.Win32.52012

2.0.0.2134

File size:

125.2 KB (128,240 bytes)

Product version:

1.0.5578.32414

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\application data\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe

Digital Signature

Signed by:

EnterDigital

Authority:

VeriSign, Inc.

Valid from:

9/2/2014 3:00:00 AM

Valid to:

9/3/2015 2:59:59 AM

Subject:

CN=EnterDigital, O=EnterDigital, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1E3B5C4453E4282F35D4B16FE677D245

File PE Metadata

Compilation timestamp:

4/11/2015 4:00:34 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:HD1Ll2ZpujSiZF4gmsym2UG0IHhxDOCdV5:HBVDFHxKuCf5

Entry address:

0x9872

Entry point:

E8, 75, 62, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 68, C2, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 59, 50, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 7A, F3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC... 
[+]

Entropy:

6.2061

Code size:

72.5 KB (74,240 bytes)

Service

Display name:

MaintainerSvc6.37.565328

Type:

Win32OwnProcess

Depends on:

RPCSS

Remove maintainer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.