plugin.exe

Internet Program

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application plugin.exe by Internet Program has been detected as adware by 23 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Internet Program  (signed and verified)

Version:
1.0.5603.6577

MD5:
964e705ee46c4935fddf329678742347

SHA-1:
7b586b7137c182473a04be4466c70b059a53e387

SHA-256:
8d3caed7dfbf355cd524e1a646f9432b707ce4e4410b7f156eed4139c493c131

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 7:49:37 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.BrowseFox.CW | 5563212 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.05.28 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 8.3.1.6 |
| AVG | Adware AdPlugin.DNV | 2014.0.4311 |
| Bitdefender | Adware.BrowseFox.CW | 1.0.20.735 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Browsefox-913 | 0.98/20507 |
| Comodo Security | Application.Win32.BrowseFox.AKF | 22250 |
| Dr.Web | Trojan.Yontoo.1735 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.BrowseFox.CW | 10.0.0.5366 |
| ESET NOD32 | Win32/BrowseFox.AF potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-cfd541ab | v6.4.7.1.166 |
| F-Secure | Adware.BrowseFox.CW | 5.14.151 |
| G Data | Adware.BrowseFox.CW | 15.5.25 |
| K7 AntiVirus | Unwanted-Program | 13.204.16045 |
| McAfee | Program.BrowseFox-FYS | 18.0.204.0 |
| MicroWorld eScan | Adware.BrowseFox.CW | 16.0.0.441 |
| NANO AntiVirus | Riskware.Win32.Agent.drgxoz | 0.30.24.1636 |
| nProtect | Adware.BrowseFox.CW | 15.05.27.01 |
| Reason Heuristics | PUP.Yontoo.InternetProgram | 15.5.27.8 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.4 |
| VIPRE Antivirus | Threat.4741131 | 40552 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.71460 | 2.0.0.2190 |

File size:
469.3 KB (480,536 bytes)

Product version:
1.0.5603.6577

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3bak\plugin.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/5/2014 12:00:00 AM

Valid to:
11/5/2015 11:59:59 PM

Subject:
CN=Internet Program, O=Internet Program, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
146D6AFF83C11B0B4BF34BD665E746C7

File PE Metadata
Compilation timestamp:
5/5/2015 11:39:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:VpCAxYpRfmxPqmL4s1WvPQiIJ34dArIg3E1uef:yVpRfmxPZLTWXnGLIgyu

Entry address:
0x28148

Entry point:
E8, 6C, F8, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 8A, F9, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 74, F9, 00, 00, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, 80, E2, 46, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, B0, D0, FF, FF, 8B...
 
Entropy:
6.5513

Code size:
356.5 KB (365,056 bytes)
