» plugincontainer.exe
Overview
Analysis
File Details

plugincontainer.exe

Triangle Trail

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application plugincontainer.exe by Triangle Trail has been detected as adware by 11 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

plugincontainer.exe

Publisher:

Triangle Trail (signed and verified)

Version:

1.0.5665.12338

MD5:

c6d3a12f7f544b28d7b041b50ef91e3c

SHA-1:

0aa35203809580c2e0e91c0b3fb8c6b2da494300

SHA-256:

7f8fae7a0170ed9e7dc4940105ac995363a4a2fe01f0267d5e53d621b41a0d48

Scanner detections:

11 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/25/2024 12:33:55 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.BrowseFox

2015.07.07

Avira AntiVirus

ADWARE/BrowseFox.Gen

8.3.1.6

AVG

BrowseFox

2016.0.3056

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.1576

Bkav FE

W32.HfsAdware

1.3.0.6979

Dr.Web

Trojan.Yontoo.2053

9.0.1.0187

ESET NOD32

Win32/BrowseFox.AU potentially unwanted (variant)

9.11897

G Data

Win32.Application.BrowseFox

15.7.25

Malwarebytes

PUP.Optional.TriangleTrail.A

v2015.07.06.07

NANO AntiVirus

Trojan.Win32.Yontoo.dtjzjv

0.30.24.2320

Reason Heuristics

Threat.Win.Reputation.IMP

15.7.6.19

File size:

637.8 KB (653,072 bytes)

Product version:

1.0.5665.12338

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8\plugincontainer.exe

Digital Signature

Signed by:

Triangle Trail

Authority:

VeriSign, Inc.

Valid from:

3/25/2015 2:00:00 AM

Valid to:

3/25/2016 1:59:59 AM

Subject:

CN=Triangle Trail, O=Triangle Trail, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0ED5D3FC245DBE383F3324415559D0AC

File PE Metadata

Compilation timestamp:

7/6/2015 4:51:27 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:LascPdwOaQPWeURYF8WGcRilyDY8o/v0veybUCZ+MNrvxrXMGQl0G:LH6wOPSYFscSyc930eCZJFQlZ

Entry address:

0x2EC28

Entry point:

E8, FE, EF, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 14, 39, 46, 00, 8D, 7D, E0, F3, A5, 8B, 75, 0C, 8B, 7D, 08, 85, F6, 74, 13, F6, 06, 10, 74, 0E, 8B, 0F, 83, E9, 04, 51, 8B, 01, 8B, 70, 18, FF, 50, 20, 89, 7D, F8, 89, 75, FC, 85, F6, 74, 0C, F6, 06, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 20, 21, 46, 00, 5F, 5E, 8B, E5, 5D, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51... 
[+]

Code size:

388 KB (397,312 bytes)

Remove plugincontainer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.