plugincontainer.exe

Assist Point

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application plugincontainer.exe by Assist Point has been detected as adware by 21 anti-malware scanners. It runs as a Windows service named “Service Mgr AssistPoint”, in its own separate process. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Assist Point  (signed and verified)

Version:
1.0.5620.10211

MD5:
88827c7cf923e1172579225c6c5a94d4

SHA-1:
dc7d2b85cc28473ce002b56583c8ff5d93a0f49a

SHA-256:
f2feecdb7218f45f552a2b955e379ba18676ab54a6d02ff788445219507dfe64

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/16/2024 3:54:28 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.CX | 5549295
AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.05.23
Avira AntiVirus | ADWARE/BrowseFox.Gen | 8.3.1.6
AVG | Adware AdPlugin.DOG | 2014.0.4311
Bitdefender | Adware.BrowseFox.CX | 1.0.20.710
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Browsefox-906 | 0.98/20498
Dr.Web | Trojan.Yontoo.1781 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.BrowseFox.CX | 10.0.0.5366
ESET NOD32 | Win32/BrowseFox.AU potentially unwanted application | 7.0.302.0
F-Prot | W32/S-21b300c5 | v6.4.7.1.166
F-Secure | Adware.BrowseFox.CX | 5.14.151
G Data | Adware.BrowseFox.CX | 15.5.25
K7 AntiVirus | Unwanted-Program | 13.204.16000
Malwarebytes | PUP.Optional.AssistPoint.A | v2015.05.22.03
MicroWorld eScan | Adware.BrowseFox.CX | 16.0.0.426
NANO AntiVirus | Trojan.Win32.Yontoo.drcfxd | 0.30.24.1636
nProtect | Adware.BrowseFox.CX | 15.05.22.01
Reason Heuristics | PUP.Yontoo.AssistPoint | 15.5.22.10
Sophos | PUA 'Browse Fox' | 5.14
Zillya! Antivirus | Backdoor.PePatch.Win32.71343 | 2.0.0.2187

File size:
543.3 KB (556,304 bytes)

Product version:
1.0.5620.10211

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugincontainer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/6/2015 1:00:00 AM

Valid to:
3/6/2016 12:59:59 AM

Subject:
CN=Assist Point, O=Assist Point, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58FC58A52C291B337067DC6AA50B8FB3

File PE Metadata
Compilation timestamp:
5/22/2015 2:40:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:ybEaNRedy8prQ3GhAGDix9udzcZbaSkkYoSZIA:epKd5RQW2GDqcd4Z2oSZIA

Entry address:
0x30372

Entry point:
E8, CE, F4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 30, E5, 47, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 08, 4C, 00, 00, 59, FF, 34, F5, 30, E5, 47, 00, FF, 15, 84, 31, 46, 00, 5E, 5D, C3, 56, 57, BE, 30, E5, 47, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, 78, 31, 46, 00, 53, E8, CC, A0, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, 50, E6, 47, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 
Code size:
391 KB (400,384 bytes)

Service
Display name:
Service Mgr AssistPoint

Type:
Win32OwnProcess

Depends on:
RPCSS

