home

plugincontainer.exe

Positive Finds

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application plugincontainer.exe by Positive Finds has been detected as adware by 22 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Service Mgr PositiveFinds”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Positive Finds  (signed and verified)

Version:
1.0.5538.40632

MD5:
eaf5229a71bd8c7b02aa1ec0c420e3f3

SHA-1:
0aa0e5a14dc3ef529a809bd4e2ded21ace69ed60

SHA-256:
cc643655b45dc81b9fe74612ddf1e84023522103af73e743f0608fffb5b6d87b

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 7:47:49 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.BX
6765824

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.03.04

Avira AntiVirus
Adware/BrowseFox.581368.9
7.11.213.102

AVG
Adware AdPlugin.CTX
2014.0.4257

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.1535

Bitdefender
Adware.BrowseFox.BX
1.0.20.320

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Adware.BrowseFox.BX
9.0.0.4799

ESET NOD32
Win32/BrowseFox.AF potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/BrowseFox
3/5/2015

F-Secure
Adware.BrowseFox.BX
5.13.68

G Data
Adware.BrowseFox.BX
15.3.25

K7 AntiVirus
Unwanted-Program
13.200.15153

McAfee
Program.Artemis!EAF5229A71BD
16.8.708.2

MicroWorld eScan
Adware.BrowseFox.BX
16.0.0.192

nProtect
Adware.BrowseFox.BX
15.03.04.01

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Service.Yontoo
15.3.2.3

Sophos
PUA 'Positive Finds' (of type Adware)
5.11

Trend Micro House Call
Suspicious_GEN.F47V0302
7.2.64

VIPRE Antivirus
Threat.5061968
37788

File size:
567.7 KB (581,368 bytes)

Product version:
1.0.5538.40632

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe

Digital Signature
Signed by:
Positive Finds

Authority:
VeriSign, Inc.

Valid from:
11/5/2014 1:00:00 AM

Valid to:
11/6/2015 12:59:59 AM

Subject:
CN=Positive Finds, O=Positive Finds, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
36C47A2CBAB882A650F1E1B7D4BE3A45

File PE Metadata
Compilation timestamp:
3/2/2015 7:34:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:T/wobJ2tvUankWWv4QFtuWf6EvcSPk/1wv/3zuD35yWHNQYmNx:THc+anPWvlog/vcSM/1wjw5yWHNQYmNx

Entry address:
0x28733

Entry point:
E8, 03, F8, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 50, 9E, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, 47, 48, 00, 01, 0F, 82, 40, F9, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02...
 
[+]

Code size:
432 KB (442,368 bytes)

Service
Display name:
Service Mgr PositiveFinds

Type:
Win32OwnProcess


Remove plugincontainer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.