netcrawl.browseradapter.exe

NetCrawl

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application netcrawl.browseradapter.exe by NetCrawl has been detected as adware by 21 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.
Publisher:
NetCrawl  (signed and verified)

MD5:
9449a5ebf3674db11306bcdd2f4849da

SHA-1:
a5d97f293741df9991b53432782441c743f747bf

SHA-256:
3942015dc8f1a0f2cdea8ba898972f490c572e0131dec2128a12e72f277195fd

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
6/12/2024 4:53:27 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Jaik.1981
955

AVG
Adware Generic_r.KF
2014.0.4007

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14624

Bitdefender
Gen:Variant.Adware.SwiftBrowse.1
1.0.20.875

Clam AntiVirus
Win.Adware.Agent-7002
0.98/19286

Dr.Web
Trojan.BPlug.46
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.AQ
9.0.0.4324

ESET NOD32
Win32/BrowseFox.I potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/BrowseFox
8/16/2014

F-Secure
Gen:Variant.Adware.SwiftBrowse.1
11.2014-24-06_3

G Data
Gen:Variant.Adware.SwiftBrowse
14.6.24

IKARUS anti.virus
AdWare.SwiftBrowse
t3scan.1.6.1.0

Kaspersky
not-a-virus:RiskTool.Win32.Agent
15.0.0.494

McAfee
Artemis!C959C8735453
5600.7089

MicroWorld eScan
Gen:Variant.Adware.SwiftBrowse.1
15.0.0.525

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.NetCrawl.W
14.6.29.12

SUPERAntiSpyware
Adware.BrowseFox/Variant
10418

Trend Micro House Call
Suspicious_GEN.F47V0625
7.2.228

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

File size:
94.3 KB (96,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\netcrawl\bin\netcrawl.browseradapter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 1:00:00 AM

Valid to:
4/30/2015 12:59:59 AM

Subject:
CN=NetCrawl, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NetCrawl, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3C05F8D25EB72CD5B6EB863AA0585F70

File PE Metadata
Compilation timestamp:
6/24/2014 10:33:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:02MCXa+SIe+8DtLTB2z3NKfAIklDnkBZX9TD8+u:0Uq+SD+a12hhdqZX9TDE

Entry address:
0x30E5

Entry point:
E8, 85, 20, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, 40, 41, 00, 75, 02, F3, C3, E9, 0C, 21, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, 07, 22, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 3E, 22, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, C5, 07, 00, 00, 59, 85, C0, 74, E6, C9, C3, F6, 05, 78, 53, 41, 00, 01, BF, 6C, 53, 41, 00, BE, 10, 02, 41, 00, 75, 2C, 83, 0D, 78, 53, 41, 00, 01, 6A, 01, 8D, 45, FC, 50, 8B, CF, C7, 45, FC, 18, 02, 41, 00, E8, 2C, 00, 00, 00, 68, 5E, FC, 40, 00, 89, 35, 6C...
 
[+]

Code size:
59.5 KB (60,928 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to 213-241-88-210.ip.netia.com.pl  (213.241.88.210:80)

Remove netcrawl.browseradapter.exe - Powered by Reason Core Security