plugin.exe

Steel Cut

plugin.exe is a component of the Yontoo adware family, a web browser plugin that injects unwanted advertisements into the browser. This build, signed by Steel Cut, was flagged as adware by 10 of the 68 anti-malware scanners listed below; most engines label it BrowseFox, while Dr.Web and Reason name it Yontoo. Once installed it hooks into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. Note that the valid code signature only shows that the publisher controlled the signing key; it says nothing about whether the software is benign.
Publisher:
Steel Cut (signed and verified)

Version:
1.0.5719.6911

MD5:
5f7ddd08aad69d1abf4151e1f2ef478e

SHA-1:
21154defc09a56f532e4635d1b9c4271379fcb86

SHA-256:
8ad3e0a18dc175bdd2661d9e697ccfc60b8b8e961bb638340d7940b334431ae2

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 1:39:44 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.08.30
Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 8.3.2.2
AVG | Generic | 2016.0.3001
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.15830
Comodo Security | Application.Win32.BrowseFox.ACY | 23112
Dr.Web | Trojan.Yontoo.1734 | 9.0.1.0242
IKARUS anti.virus | AdWare.BrowseFox | t3scan.1.9.5.0
NANO AntiVirus | Riskware.Win32.Agent.dvodkw | 0.30.24.3283
Reason Heuristics | Adware.Yontoo.SteelCut (M) | 15.8.30.21
Zillya! Antivirus | Adware.BrowseFox.Win32.61904 | 2.0.0.2379

File size:
302.2 KB (309,488 bytes)

Product version:
1.0.5719.6911

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\appmgr1.26.3056825\1\plugin.exe

Digital Signature
Signed by:
Steel Cut
Authority:
VeriSign, Inc.

Valid from:
1/10/2015 10:00:00 PM

Valid to:
1/11/2016 9:59:59 PM

Subject:
CN=Steel Cut, O=Steel Cut, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0ABB826DEFFE019B3B61D91322DE992A

File PE Metadata
Compilation timestamp:
8/29/2015 7:50:31 AM
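The version number 1.0.5719.6911 has the shape of Visual Studio's "1.0.*" auto-versioning, where the build number is the count of days since 1 January 2000 and the revision is the number of seconds since local midnight divided by two. The Python below is an added example, not code from the page or from the sample's author; it assumes that convention applies to this file (an assumption, since the page does not say how the version was generated) and checks the decoded build time against the compilation timestamp listed above. Both values are attacker-controllable, so agreement between them is a consistency check, not proof of anything.

```python
"""Decode a Visual Studio '1.0.*' auto-generated version and compare it
with a PE compilation timestamp (added example; convention assumed)."""
from datetime import datetime, timedelta, timezone

# Values copied from the page above.
VERSION = "1.0.5719.6911"
PE_TIMESTAMP = datetime(2015, 8, 29, 7, 50, 31, tzinfo=timezone.utc)

# Under the '1.0.*' convention the revision field is (seconds since midnight) // 2,
# so it can never exceed 43199; larger values cannot be auto-generated.
MAX_AUTO_REVISION = 43199


def decode_auto_version(version: str) -> datetime:
    """Return the local (naive) build time implied by a '1.0.*' style version.

    build    = days since 2000-01-01 on the build machine's clock
    revision = seconds since local midnight // 2
    """
    parts = [int(p) for p in version.split(".")]
    if len(parts) != 4:
        raise ValueError(f"expected four dotted fields, got {version!r}")
    _major, _minor, build, revision = parts
    if revision > MAX_AUTO_REVISION:
        raise ValueError(f"revision {revision} cannot come from '1.0.*' auto-versioning")
    day = datetime(2000, 1, 1) + timedelta(days=build)
    return day + timedelta(seconds=revision * 2)


def implied_utc_offset_hours(version: str, pe_timestamp: datetime) -> int:
    """Difference (rounded to whole hours) between the version's local build time
    and the UTC linker timestamp: the build machine's UTC offset, if the two
    stamps describe the same build."""
    local_build = decode_auto_version(version)
    utc_naive = pe_timestamp.astimezone(timezone.utc).replace(tzinfo=None)
    return round((local_build - utc_naive).total_seconds() / 3600)


def is_consistent(version: str, pe_timestamp: datetime, max_hours: int = 14) -> bool:
    """True when the two stamps fall within a plausible time-zone spread of each other."""
    try:
        offset = implied_utc_offset_hours(version, pe_timestamp)
    except ValueError:
        return False
    return abs(offset) <= max_hours


if __name__ == "__main__":
    print("local build time from version :", decode_auto_version(VERSION))
    print("linker timestamp (UTC)        :", PE_TIMESTAMP)
    print("implied build machine offset  : UTC%+d" % implied_utc_offset_hours(VERSION, PE_TIMESTAMP))
    print("consistent:", is_consistent(VERSION, PE_TIMESTAMP))
```

For this sample the build number decodes to 29 August 2015, the same day as the linker timestamp, and the revision to 03:50:22 local time, about four hours behind the 07:50:31 UTC link time, which is what a machine on US Eastern daylight time would produce.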

OS version (minimum required, from the PE optional header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:lzEopwh2Oxdy+FSwFwfpbuBkGWS/UXjuGNvUmI5rmaeTGE:yokDxd7YwFwfpCVUXy8G5y7iE

Entry address (AddressOfEntryPoint, RVA):
0xF7E6

Entry point:
E8, A6, 75, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, 3D, 44, 00, 8B, 4D, 08, 23, 4D, 0C, F7, D2, 23, D0, 0B, D1, 89, 15, 20, 3D, 44, 00, 5D, C3, E8, FF, 76, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 1D, 77, 00, 00, 59, F6, 05, 20, 3D, 44, 00, 02, 74, 21, 6A, 17, E8, 74, 2A, 02, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, 14, 2F, 00, 00, 83, C4, 0C, 6A, 03, E8, 23, 28, 00, 00, CC, A1, 98, 93, 44, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06...

Code size:
204.5 KB (209,408 bytes)
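Every field in this section is read straight from the PE headers: the timestamp, subsystem, linker version, minimum OS version, entry RVA and SizeOfCode sit at fixed offsets in the COFF and optional headers, and the "Entry point" bytes are the code found by mapping that RVA through the section table. The Python below is an added example, not code from the page or from the sample's author, that does this parsing with the standard library only. Since the real file is not reproduced here, it constructs an in-memory PE32 image carrying the values listed above (the 16 leading entry-point bytes, RVA 0xF7E6, linker 11.0, OS 5.1, GUI subsystem, code size 209,408, the 8/29/2015 timestamp) and parses that; the single .text section at RVA 0x1000 / file offset 0x400 is an assumption for the constructed image.

```python
"""Minimal PE32 header reader that recovers the 'File PE Metadata' fields
(added example; parses a constructed image, not the real sample)."""
import struct
from datetime import datetime, timezone

# Values copied from the page; used to build the constructed image and to check the parser.
PAGE_TIMESTAMP_UTC = datetime(2015, 8, 29, 7, 50, 31, tzinfo=timezone.utc)
PAGE_ENTRY_RVA = 0xF7E6
PAGE_CODE_SIZE = 209408
# First 16 entry-point bytes: 'call rel32; jmp rel32', the usual MSVC CRT
# startup stub (call __security_init_cookie, then jump to the real CRT entry).
PAGE_ENTRY_BYTES = bytes.fromhex("E8A6750000E97FFEFFFF558BEC8B550C")

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_image() -> bytes:
    """Constructed PE32 image with one .text section (assumed layout) and the page's header values."""
    text_rva, text_raw, text_size = 0x1000, 0x400, PAGE_CODE_SIZE
    # IMAGE_OPTIONAL_HEADER32 up to DllCharacteristics, then zero padding to the full 224 bytes.
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        0x10B, 11, 0,                       # Magic (PE32), Major/MinorLinkerVersion
        text_size, 0, 0,                    # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        PAGE_ENTRY_RVA, text_rva, text_rva + text_size,  # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,            # ImageBase, SectionAlignment, FileAlignment
        5, 1, 0, 0, 5, 1,                   # OS 5.1, image 0.0, subsystem 5.1
        0, 0x40000, 0x400, 0,               # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                               # Subsystem = Windows GUI, DllCharacteristics
    )
    opt += b"\0" * (224 - len(opt))
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(PAGE_TIMESTAMP_UTC.timestamp()), 0, 0, len(opt), 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_rva, text_size, text_raw,
                          0, 0, 0, 0, 0x60000020)
    image = bytearray(text_raw + text_size)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)          # e_lfanew
    image[0x80:0x84] = b"PE\0\0"
    headers = coff + opt + section
    image[0x84:0x84 + len(headers)] = headers
    entry_off = text_raw + (PAGE_ENTRY_RVA - text_rva)
    image[entry_off:entry_off + len(PAGE_ENTRY_BYTES)] = PAGE_ENTRY_BYTES
    return bytes(image)


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def parse_pe_metadata(data: bytes) -> dict:
    """Return the header fields shown in the 'File PE Metadata' section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = pe_off + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt_off)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt_off + 40)
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    sections = [struct.unpack_from("<8sIIII", data, opt_off + opt_size + i * 40) for i in range(nsections)]
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        # TimeDateStamp is a 32-bit count of seconds since 1970 set by the linker; trivially forgeable.
        "compilation_timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32" if machine == 0x14C else f"machine {machine:#x}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_address": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16],
        "code_size": size_of_code,
    }


if __name__ == "__main__":
    for key, value in parse_pe_metadata(build_sample_image()).items():
        print(f"{key}: {value.hex(' ') if isinstance(value, bytes) else value}")
```

Pointing parse_pe_metadata at the bytes of a real file reproduces the same fields; a mismatch between the SizeOfCode or entry bytes and what the page lists is a quick way to tell a repacked or tampered copy from this exact build, whereas the timestamp alone proves nothing because the linker value is attacker-controlled.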
