searchvortexbho.dll

Search Vortex

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module searchvortexbho.dll by Search Vortex has been detected as adware by 35 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been observed being downloaded from install-cdn.searchvortex.info.
Publisher:
Search Vortex (signed and verified)

Product:
Search Vortex

Version:
1.0.0.7

MD5:
9289ca3239e36326499614f8224902be

SHA-1:
13bf037b9ee631ef7214d1b0fa58d3e9baaef9fc

SHA-256:
28478d8b1abd0af08e4911a1a951072d160f24bec7d0883bef4d9e48ee6f47b7

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
6/14/2024 2:42:18 AM UTC

Scanner detections (scan engine: detection name, engine version):

Lavasoft Ad-Aware: Adware.BrowseFox.BJ, 414
Agnitum Outpost: Riskware.Agent, 7.1.1
AhnLab V3 Security: PUP/Win32.BrowseFox, 2015.06.02
Avira AntiVirus: ADWARE/BrowseFox.Gen2, 7.11.217.176
avast!: Win32:BrowseFox-ID [PUP], 2014.9-151218
AVG: BrowseFox, 2016.0.2892
Baidu Antivirus: Adware.Win32.BrowseFox, 4.0.3.151218
Bitdefender: Adware.BrowseFox.BJ, 1.0.20.1760
Bkav FE: W32.HfsAdware, 1.3.0.6379
Clam AntiVirus: Win.Adware.Browsefox-356, 0.98/21511
Comodo Security: Application.Win32.BrowseFox.JM, 20659
Dr.Web: Trojan.Yontoo.1016, 9.0.1.0352
Emsisoft Anti-Malware: Adware.BrowseFox.BJ, 8.15.12.18.02
ESET NOD32: Win32/BrowseFox.AE potentially unwanted (variant), 9.11327
Fortinet FortiGate: Riskware/BrowseFox, 12/18/2015
F-Prot: W32/S-9c4b2ea6, v6.4.7.1.166
F-Secure: Adware.BrowseFox.BJ, 11.2015-18-12_6
G Data: Adware.BrowseFox.BJ, 15.12.25
IKARUS anti.virus: PUA.BrowseFox, t3scan.1.8.6.0
K7 AntiVirus: Trojan, 13.201.15274
Malwarebytes: PUP.Optional.SearchVortex.A, v2015.12.18.02
McAfee: Artemis!BF52CA75F3EA, 5600.6548
MicroWorld eScan: Adware.BrowseFox.BJ, 16.0.0.1056
NANO AntiVirus: Trojan.Win32.Yontoo.dnkubo, 0.30.0.296
nProtect: Adware.BrowseFox.BJ, 15.03.16.01
Qihoo 360 Security: HEUR/QVM30.1.Malware.Gen, 1.0.0.1015
Quick Heal: PUA.Searchvort.Gen, 12.15.14.00
Reason Heuristics: PUP.Yontoo.SearchVortex (M), 15.12.18.2
Rising Antivirus: PE:Adware.BrowseFox!6.1D8B, 23.00.65.151216
Sophos: Generic PUA KP, 4.98
Trend Micro House Call: Suspicious_GEN.F47V0221, 7.2.352
Trend Micro: TROJ_GEN.R0C2C0EC515, 10.465.18
Vba32 AntiVirus: AdWare.MSIL.Agent, 3.12.26.3
VIPRE Antivirus: Yontoo, 38474
Zillya! Antivirus: Backdoor.PePatch.Win32.65002, 2.0.0.2101

File size:
262.7 KB (269,048 bytes)

Product version:
1.0.0.7

Copyright:
(c) Search Vortex. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\search vortex\searchvortexbho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/4/2015 10:00:00 PM

Valid to:
2/4/2016 9:59:59 PM

Subject:
CN=Search Vortex, O=Search Vortex, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6378D12A74B139F75511F7798DF77B19

File PE Metadata
Compilation timestamp:
3/31/2015 9:51:33 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Ic6e0IfEbUppVqU+kB3hh+4EF63wY+hM9ZKT+KKl3cEaL:Ic6e05GpVek3PdF9Z0KsjL

Entry address:
0xF515

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 6C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file searchvortexbho.dll has been observed being distributed from the URL noted above (install-cdn.searchvortex.info).
