» PlurPush.FirstRun.exe
Overview
Analysis
File Details
Programs (1)

PlurPush.FirstRun.exe

FirstRun

PlurPush

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application PlurPush.FirstRun.exe by PlurPush has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program PlurPush by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

PlurPush (signed and verified)

Product:

FirstRun

Version:

1.0.0.0

MD5:

422d85271cf8bfaa537da5adc2f21795

SHA-1:

2cb8d92f331e4e41ae78b75e0f4c4e10c8f1dbda

SHA-256:

fcecf1514b4ea5682f70022c2e742042febb5c4851bf952a4e9a14705f3739ce

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Part of the Yontoo ad injection web browser add-on.

Analysis date:

5/10/2024 6:16:13 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/BrowseFox.Gen

7.11.155.210

AVG

MalSign.Generic

2015.0.3389

Baidu Antivirus

Adware.MSIL.BrowseFox

4.0.3.1488

ESET NOD32

MSIL/BrowseFox.D potentially unwanted application

8.7.0.302.0

Malwarebytes

PUP.Optional.Sambreel.A

v2014.08.08.12

Reason Heuristics

Adware.Yontoo.PlurPush.Q

14.8.8.0

VIPRE Antivirus

Threat.4741131

29708

File size:

1.7 MB (1,756,952 bytes)

Product version:

1.0.0.0

Original file name:

PlurPush.FirstRun.exe

File type:

Executable application (Win32 EXE)

Language:

Swedish (Sweden)

Common path:

C:\Program Files\plurpush\plurpush.firstrun.exe

Digital Signature

Signed by:

PlurPush

Authority:

VeriSign, Inc.

Valid from:

9/19/2013 2:00:00 AM

Valid to:

9/20/2015 1:59:59 AM

Subject:

CN=PlurPush, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PlurPush, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

30ACE095C6EE9F3C39428EB86ECAFADF

File PE Metadata

Compilation timestamp:

3/14/2014 7:33:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:Nn1SNc7TdYViaBs2f3LQZ7rjaMG+kHrML:Nn1dYVZL/Lur0vrY

Entry address:

0x1ACBEA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 2C, 03, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, E0, 1A, 00, D0, 02, 00, 00, 00, 00, 00, 00, D0, 02, 34, 00, 00, 00, 56, 00, 53, 00, 5F, 00, 56, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.7 MB (1,747,968 bytes)

The file PlurPush.FirstRun.exe has been discovered within the following program.

PlurPush by Yontoo Technology, Inc.

This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.

plurpush.net/support

82% remove it

Remove PlurPush.FirstRun.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.