home

plugin.exe

Strong Signal

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application plugin.exe by Strong Signal has been detected as adware by 18 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Strong Signal  (signed and verified)

Version:
1.0.5536.15418

MD5:
c8ad560d8fbf0a530506140ba9e0d501

SHA-1:
1969bcb596d322cdd97081132101dda3284f4435

SHA-256:
fdc862ac17e142256ab179a6277b420a3f08461a5dae3edb92deab926f1de7b7

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/18/2024 2:41:12 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.BX
704

Avira AntiVirus
ADWARE/BrowseFox.Gen
7.11.212.188

AVG
Generic
2016.0.3185

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15227

Bitdefender
Adware.BrowseFox.BX
1.0.20.305

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Adware.BrowseFox.BX
8.15.03.02.11

ESET NOD32
Win32/BrowseFox.AF potentially unwanted (variant)
9.11245

Fortinet FortiGate
Riskware/BrowseFox
3/2/2015

F-Secure
Adware.BrowseFox.BX
11.2015-02-03_2

G Data
Win32.Adware.StrongSignal
15.2.25

K7 AntiVirus
Unwanted-Program
13.1915120

MicroWorld eScan
Adware.BrowseFox.BX
16.0.0.183

nProtect
Adware.BrowseFox.BX
15.02.27.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Yontoo
15.2.27.20

Sophos
Positive Finds
4.98

VIPRE Antivirus
Trojan.Win32.Generic
38020

File size:
508.2 KB (520,440 bytes)

Product version:
1.0.5536.15418

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\plugin.exe

Digital Signature
Signed by:
Strong Signal

Authority:
VeriSign, Inc.

Valid from:
12/11/2014 7:00:00 PM

Valid to:
12/12/2015 6:59:59 PM

Subject:
CN=Strong Signal, O=Strong Signal, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5047EE0477D4F273DFC93DB8A749B9E0

File PE Metadata
Compilation timestamp:
2/27/2015 11:34:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:oj4EE+a4Y7ukPG2bcMx7kOMAl4IRRWcrCRdUt67/Fe:odY77VbcXOv4UEceRyt67/M

Entry address:
0x2CD12

Entry point:
E8, 2A, 1D, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 38, C9, 47, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 78, 77, 47, 00, 01, 0F, 82, 25, 1E, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9...
 
[+]

Entropy:
6.5654

Code size:
390.5 KB (399,872 bytes)

Remove plugin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.