home

NetCrawl.FeSvc.dll

NetCrawl

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module NetCrawl.FeSvc.dll by NetCrawl has been detected as adware by 19 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
NetCrawl  (signed and verified)

Version:
1.0.5306.15496

MD5:
6d425ff8c4982bac4cdfc4b7d8714e81

SHA-1:
cf00ee22863d5cb84c5996810d0028eadd062cf7

SHA-256:
67c5ec3526b8df4b7bb24b063bbcf1641c348c9a8276e103a59c9fa3f1626492

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 7:57:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.AQ
778

AVG
NetCrawl
2015.0.3415

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.14712

Bitdefender
Adware.SwiftBrowse.AQ
1.0.20.1765

Dr.Web
Trojan.BPlug.153
9.0.1.0353

Emsisoft Anti-Malware
Adware.SwiftBrowse.AQ
8.14.12.19.01

ESET NOD32
MSIL/BrowseFox.G potentially unwanted application
7.0.302.0

F-Secure
Adware.SwiftBrowse.AQ
11.2014-19-12_6

G Data
Adware.SwiftBrowse.AQ
14.12.24

Kaspersky
not-a-virus:HEUR:AdWare.MSIL.Kranet
14.0.0.2775

Malwarebytes
PUP.Optional.Sanbreel.A
v2014.07.12.08

McAfee
Artemis!6D425FF8C498
5600.7071

MicroWorld eScan
Adware.SwiftBrowse.AQ
15.0.0.1059

nProtect
Adware.SwiftBrowse.AQ
14.08.17.01

Panda Antivirus
Trj/CI.A
14.12.19.01

Qihoo 360 Security
HEUR/Malware.QVM23.Gen
1.0.0.1015

Reason Heuristics
PUP.NetCrawl.N
14.7.12.15

Sophos
Generic PUA BE
4.98

VIPRE Antivirus
Yontoo
32306

File size:
50.3 KB (51,488 bytes)

Product version:
1.0.5306.15496

Original file name:
NetCrawl.FeSvc.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\netcrawl\bin\plugins\netcrawl.fesvc.dll

Digital Signature
Signed by:
NetCrawl

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 2:00:00 AM

Valid to:
4/30/2015 1:59:59 AM

Subject:
CN=NetCrawl, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NetCrawl, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3C05F8D25EB72CD5B6EB863AA0585F70

File PE Metadata
Compilation timestamp:
7/12/2014 11:36:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:YpFfTHJtjsbNaUA+WUUu3pPYPg7gMMpDY4zzlB+Ax2p6r1NhFmH21dwjl:+ZrHnUNtUu5PY4Upzzlk76bhFmH24p

Entry address:
0xC682

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
42 KB (43,008 bytes)

Remove NetCrawl.FeSvc.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.