home

plugin.exe

Assist Point

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application plugin.exe by Assist Point has been detected as adware by 16 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Assist Point  (signed and verified)

Version:
1.0.5565.24485

MD5:
bda0c80bfe331f9ecd9f3b5c146774d3

SHA-1:
d7272a71ab77c37aac0732c89d43eb41b1b8354f

SHA-256:
3599f7643f3e2a33ce0ec4ade00885e30cc98572585e50893ac69b77b3a5e07c

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 2:55:14 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.03.15

Avira AntiVirus
ADWARE/BrowseFox.Gen
7.11.217.78

AVG
AdPlugin
2016.0.3156

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15328

Clam AntiVirus
Win.Adware.Browsefox-559
0.98/21511

Emsisoft Anti-Malware
Adware.BrowseFox.BX
8.15.07.03.06

ESET NOD32
Win32/BrowseFox.AF potentially unwanted (variant)
9.11300

F-Secure
Adware.BrowseFox.BX
11.2015-03-07_6

G Data
Adware.BrowseFox.BX
15.7.25

herdProtect (fuzzy)
variant of trz3bd8.tmp (Adware)
2015.7.3.6

NANO AntiVirus
Riskware.Win32.Agent.dpnflu
0.30.8.659

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Yontoo
15.4.2.1

Sophos
Positive Finds
4.98

Zillya! Antivirus
Backdoor.PePatch.Win32.68944
2.0.0.2119

File size:
508.2 KB (520,432 bytes)

Product version:
1.0.5565.24485

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\5\plugin.exe

Digital Signature
Signed by:
Assist Point

Authority:
VeriSign, Inc.

Valid from:
3/5/2015 9:00:00 PM

Valid to:
3/5/2016 8:59:59 PM

Subject:
CN=Assist Point, O=Assist Point, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58FC58A52C291B337067DC6AA50B8FB3

File PE Metadata
Compilation timestamp:
3/28/2015 5:36:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:kj4EE+a4Y7ukPG2bcMx7kOMAl4IRRWcrCRdUR6A/Fp:kdY77VbcXOv4UEceRyR6A/b

Entry address:
0x2CD12

Entry point:
E8, 2A, 1D, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 38, C9, 47, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 78, 77, 47, 00, 01, 0F, 82, 25, 1E, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9...
 
[+]

Code size:
390.5 KB (399,872 bytes)

Remove plugin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.