searchvortex.dll

Search Vortex

searchvortex.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module, published by Search Vortex, has been detected as adware by 31 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been observed being downloaded from install-cdn.searchvortex.info.
Publisher:
Search Vortex (signed and verified)

Product:
Search Vortex

Version:
1.0.0.7

MD5:
a47992da962c50708b325add89e951cc

SHA-1:
20aff334997597c4556257ff2e3eb8571ba239ba

SHA-256:
e8c1b98950d21dbd87ba00650b6434730e6480ba64d9a61690574a576b21464c

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
6/13/2024 8:20:27 PM UTC

Scan engine              Detection                                             Engine version
Lavasoft Ad-Aware        Adware.BrowseFox.BJ                                   698
Agnitum Outpost          Riskware.Agent                                        7.1.1
Avira AntiVirus          ADWARE/BrowseFox.Gen2                                 7.11.214.232
avast!                   Win32:BrowseFox-ID [PUP]                              2014.9-150308
AVG                      BrowseFox                                             2016.0.3176
Baidu Antivirus          Adware.Win32.BrowseFox                                4.0.3.1538
Bitdefender              Adware.BrowseFox.BJ                                   1.0.20.335
Bkav FE                  W32.HfsAdware                                         1.3.0.6379
Clam AntiVirus           Win.Adware.Browsefox-356                              0.98/21511
Comodo Security          Application.Win32.BrowseFox.JM                        20758
Dr.Web                   Trojan.Yontoo.1016                                    9.0.1.067
Emsisoft Anti-Malware    Adware.BrowseFox.BJ                                   8.15.03.08.09
ESET NOD32               Win32/BrowseFox.AE potentially unwanted (variant)     9.11287
Fortinet FortiGate       Riskware/BrowseFox                                    3/8/2015
F-Prot                   W32/S-9c4b2ea6                                        v6.4.7.1.166
F-Secure                 Adware.BrowseFox.BJ                                   11.2015-08-03_1
G Data                   Adware.BrowseFox.BJ                                   15.3.25
herdProtect (fuzzy)                                                            2015.6.15.2
IKARUS anti.virus        AdWare.BrowseFox                                      t3scan.1.8.6.0
K7 AntiVirus             Trojan                                                13.202.15563
Malwarebytes             PUP.Optional.SearchVortex.A                           v2015.03.08.09
McAfee                   Artemis!A47992DA962C                                  5600.6832
MicroWorld eScan         Adware.BrowseFox.BJ                                   16.0.0.201
NANO AntiVirus           Trojan.Win32.Yontoo.dnkubo                            0.30.0.296
nProtect                 Adware.BrowseFox.BJ                                   15.04.10.01
Qihoo 360 Security       HEUR/QVM30.1.Malware.Gen                              1.0.0.1015
Reason Heuristics        PUP.Yontoo                                            15.3.8.21
Sophos                   Generic PUA CA                                        4.98
Vba32 AntiVirus          AdWare.MSIL.Agent                                     3.12.26.3
VIPRE Antivirus          Yontoo                                                39248
Zillya! Antivirus        Backdoor.PePatch.Win32.65002                          2.0.0.2091

File size:
262.7 KB (269,048 bytes)

Product version:
1.0.0.7

Copyright:
(c) Search Vortex. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\dj8c82j1\searchvortex.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/4/2015 10:00:00 PM

Valid to:
2/4/2016 9:59:59 PM

Subject:
CN=Search Vortex, O=Search Vortex, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6378D12A74B139F75511F7798DF77B19

File PE Metadata
Compilation timestamp:
3/7/2015 7:08:07 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Wc6e0IfEbUppVqU+kB3hh+4EF63wY+hM9ZKT+KKlKcEaM:Wc6e05GpVek3PdF9ZAKJjM

Entry address:
0xF515

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 6C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file searchvortex.dll has been seen being distributed by the following URL.
