portalmore.purbrowse.dll

PortalMore

portalmore.purbrowse.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module, published by PortalMore, has been detected as adware by 23 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
PortalMore  (signed and verified)

Version:
1.0.5462.42945

MD5:
435f5183432c07942873bd893d013586

SHA-1:
aa8c46b458b091ec41b5cb48f32d040bbbb6cdfa

SHA-256:
262e9d5d2cd26d7f6560b01559bbd2f38d4516c190daf5909bc778626ee304a2

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 12:48:32 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CN | 778 |
| AhnLab V3 Security | Win-PUP/BrowseFox.Gen | 2014.12.16 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.195.250 |
| avast! | Win32:BrowseFox-ES [PUP] | 141214-1 |
| AVG | PortalMore | 2015.0.3259 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.141216 |
| Bitdefender | Adware.SwiftBrowse.CN | 1.0.20.1765 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CN | 8.14.12.19.01 |
| ESET NOD32 | MSIL/BrowseFox.L potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-7aa9c30a | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.13.68 |
| G Data | Adware.SwiftBrowse.CN | 14.12.24 |
| IKARUS anti.virus | AdWare.SwiftBrowse | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.187.14339 |
| Malwarebytes | | v2014.12.19.01 |
| McAfee | BrowseFox.g | 5600.6912 |
| MicroWorld eScan | Adware.SwiftBrowse.CN | 15.0.0.1059 |
| nProtect | Adware.SwiftBrowse.CN | 14.11.14.01 |
| Panda Antivirus | Trj/CI.A | 14.12.19.01 |
| Qihoo 360 Security | Win32/Virus.Adware.708 | 1.0.0.1015 |
| Reason Heuristics | Adware.Yontoo.PortalMore.T | 14.12.16.7 |
| Sophos | Browse Fox | 4.98 |
| VIPRE Antivirus | Threat.4741131 | 34232 |

File size:
934.7 KB (957,168 bytes)

Product version:
1.0.5462.42945

Original file name:
PortalMore.PurBrowse2014121607.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\portalmore\bin\plugins\portalmore.purbrowse.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/8/2014 7:00:00 AM

Valid to:
10/9/2015 6:59:59 AM

Subject:
CN=PortalMore, O=PortalMore, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
14DCC59945E4B46B41587E1F633D56C1

File PE Metadata
Compilation timestamp:
12/16/2014 2:51:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:gDu05zyDZr/XDGcH/CYU2XvfnWbGvPswlEdC3MDLBodm:b05u1fWyMG+BDdodm

Entry address:
0xE990E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
926.5 KB (948,736 bytes)
