MegaBrowse.BrowserFilterG.dll

Mega Browse

Installed as part of the Yontoo Mega Browse branded web browser extension, the BrowserFilter component is responsible for injecting advertising in the browser based on the context of the HTML being rendered. Ads are injected in the browser in the form of inline text, coupons, multi-site searching and additional offers. The module MegaBrowse.BrowserFilterG.dll by Mega Browse has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Mega Browse  (signed and verified)

Version:
1.0.5177.26552

MD5:
7e2e0ef51b38ffce0a92f769640c7b36

SHA-1:
c1106a62aa211c2411bf7c89ae9634cea3fac5aa

SHA-256:
4c46d281751479ff301fa07116f55c658612211afd1e220e73f2bfc5166fc90c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/25/2024 2:11:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MegaBrowse.Y

Engine version:
14.3.19.0

File size:
321.8 KB (329,504 bytes)

Product version:
1.0.5177.26552

Original file name:
MegaBrowse.BrowserFilterG.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\mega browse\bin\plugins\megabrowse.browserfilterg.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 7:00:00 PM

Valid to:
1/22/2015 6:59:59 PM

Subject:
CN=Mega Browse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mega Browse, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
151F3F44EFA5ADB264205FBF9F779B3D

File PE Metadata
Compilation timestamp:
3/5/2014 9:45:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:itz4Hp97bfqhObFIBWMcOBfXHf8xMsFguY+gNNUZqdDBabgiJ13atrqgang:itz4J97bFBIBzHfayjUKifqTag

Entry address:
0x5052A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5962

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
313.5 KB (321,024 bytes)
