PursuePoint.FirstRun.exe

FirstRun

PursuePoint

The Yontoo-branded FirstRun executable is distributed as part of a Yontoo product bundle and is designed to install components of this ad-supported (injection) program as well as to 'call home' to inform the server that the extension was installed; it may also request additional instructions. The application PursuePoint.FirstRun.exe by PursuePoint has been detected as adware by 14 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
PursuePoint  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
577d23a9bd4821a366ac1a388c499b70

SHA-1:
5555e091c84e8296a1cabe2d19505ad8139f46bf

SHA-256:
ddc5518dd8eeab62e313b46f5612e8eb2648c1ce35d5727c75ed1e1548efa172

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/23/2024 12:18:57 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.BrowseFox.BQ | 358 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen | 7.11.179.116 |
| avast! | Win32:BrowseFox-GW [PUP] | 2014.9-160212 |
| AVG | Adware AdInstaller.WebCake | 2017.0.2836 |
| Dr.Web | Trojan.Yontoo.1814 | 9.0.1.043 |
| Emsisoft Anti-Malware | Adware.BrowseFox.BQ | 8.16.02.12.05 |
| ESET NOD32 | MSIL/BrowseFox.G potentially unwanted application | 10.7.0.302.0 |
| F-Secure | Adware.BrowseFox.BQ | 11.2016-12-02_6 |
| Malwarebytes | | v2016.02.12.05 |
| McAfee | Program.BrowseFox.a | 5600.6492 |
| Norman | Adware.BrowseFox.BQ | 11.20160212 |
| Reason Heuristics | Adware.Yontoo.PursuePoint (M) | 16.2.12.5 |
| Sophos | PUA 'PursuePoint' (of type Adware) | 5.17 |
| VIPRE Antivirus | Threat.4741131 | 41424 |

File size:
1 MB (1,088,800 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
PursuePoint.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pursuepoint\pursuepoint.firstrun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 4:00:00 PM

Valid to:
11/27/2014 3:59:59 PM

Subject:
CN=PursuePoint, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PursuePoint, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65588529ED634E296695EE3328858CB2

File PE Metadata
Compilation timestamp:
2/5/2014 12:52:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:PD+duq4Q0TSk10JOLGObXhzboN0Oea3qXMHJ3q:PDWP41SBJOyOlHoNHea3qcY

Entry address:
0x1099A6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 3C, 03, 00, 80, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9483

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,079,808 bytes)
