melondrea.FirstRun.exe

FirstRun

melondrea

The Yontoo-branded FirstRun executable is distributed as part of a Yontoo product bundle. It is designed to install components of this ad-supported (injection) program and to 'call home' to inform the server that the extension was installed; it may also request additional instructions. The application melondrea.FirstRun.exe by melondrea has been detected as adware by 3 anti-malware scanners.
Publisher:
melondrea  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
7579f1f9661331353fef7ffd32643b4f

SHA-1:
a7a7f523f8d6047071a137ec9b63c75411e0f71e

SHA-256:
4667f1939fe7a7658b8c63376c1c34f2d41979e66a1e54282f18ed2b776f6157

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/26/2024 5:42:24 PM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Trojan.Sephish | 8.16.02.12.06
Malwarebytes | | v2016.02.12.06
Reason Heuristics | Adware.Yontoo.melondrea (M) | 16.2.12.18

File size:
1.1 MB (1,121,056 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
melondrea.FirstRun.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\melondrea\melondrea.firstrun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 6:00:00 PM

Valid to:
11/27/2014 5:59:59 PM

Subject:
CN=melondrea, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=melondrea, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E3D0BA5A8E3C43BCD552347B3BB8B2B

File PE Metadata
Compilation timestamp:
4/9/2014 7:58:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:9jwRufZ6hxxSLFaSrsjziDH4Bh8QxytgfopIDFpKyED:9jqhbow3juDYBh8QgtgmIDT

Entry address:
0x1117DA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 34, 03, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, 20, 11, 00, D8, 02, 00, 00, 00, 00...
 

Entropy:
7.9264

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,112,064 bytes)
