plugin.exe

Roll Around

plugin.exe is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application plugin.exe by Roll Around has been detected as adware by 23 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Roll Around  (signed and verified)

Version:
1.0.5563.19077

MD5:
b9c169d198b77a347fd5b55256e40656

SHA-1:
18d7a48618b8a9f41bace5cf12d6e92a9da8c26d

SHA-256:
a44ea85b0811ffd52229333ad5d7677ada109b6a1d68dc599402cee4f6ba2286

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 10:28:01 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.BrowseFox.BY | 6373653 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Generic | 2015.03.10 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 3.6.1.96 |
| AVG | Adware AdPlugin | 2016.0.3158 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1572 |
| Bitdefender | Adware.BrowseFox.BY | 1.0.20.430 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Browsefox-519 | 0.98/21511 |
| Dr.Web | Trojan.Yontoo.1738 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.BrowseFox.BY | 9.0.0.4799 |
| ESET NOD32 | Win32/BrowseFox.AF potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-6173d22b | v6.4.7.1.166 |
| F-Secure | Adware.BrowseFox.BY | 5.13.68 |
| G Data | Adware.BrowseFox.BY | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15176 |
| MicroWorld eScan | Adware.BrowseFox.BY | 16.0.0.258 |
| NANO AntiVirus | Trojan.Win32.Yontoo.dpgswx | 0.30.8.659 |
| nProtect | Adware.BrowseFox.BY | 15.03.09.01 |
| Reason Heuristics | PUP.Yontoo | 15.3.27.6 |
| Sophos | PUA 'Positive Finds' (of type Adware) | 5.11 |
| VIPRE Antivirus | Threat.4150696 | 38050 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.68134 | 2.0.0.2118 |

File size:
458.8 KB (469,776 bytes)

Product version:
1.0.5563.19077

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3bak\plugin.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/22/2014 2:00:00 AM

Valid to:
12/23/2015 1:59:59 AM

Subject:
CN=Roll Around, O=Roll Around, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
02A1223E320B2EC6C2C8789B5CB4BB4B

File PE Metadata
Compilation timestamp:
3/26/2015 7:36:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:xKfuLnwXbjAcX+PUilaIgyZTk+qg565jxP2:xQX/pkUAnJJM5jxP

Entry address:
0x2553E

Entry point:
E8, CB, F4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, FC, 8B, 75, 0C, 8B, 4E, 08, 33, CE, E8, 68, D0, FF, FF, 6A, 00, 56, FF, 76, 14, FF, 76, 0C, 6A, 00, FF, 75, 10, FF, 76, 10, FF, 75, 08, E8, AE, 47, 00, 00, 83, C4, 20, 5E, 5D, C3, 55, 8B, EC, 51, 53, FC, 8B, 45, 0C, 8B, 48, 08, 33, 4D, 0C, E8, 35, D0, FF, FF, 8B, 45, 08, 8B, 40, 04, 83, E0, 66, 74, 11, 8B, 45, 0C, C7, 40, 24, 01, 00, 00, 00, 33, C0, 40, EB, 6C, EB, 6A, 6A, 01, 8B, 45, 0C, FF, 70, 18, 8B, 45, 0C, FF, 70, 14, 8B, 45, 0C, FF, 70, 0C, 6A...
 

Entropy:
6.5623

Code size:
348.5 KB (356,864 bytes)
