serialtruncbho.dll

SerialTrunc

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module serialtruncbho.dll by SerialTrunc has been detected as adware by 29 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘SerialTrunc’. This file is typically installed with the program SerialTrunc by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
SerialTrunc  (signed and verified)

Product:
SerialTrunc

Version:
1.0.0.1

MD5:
6c5faa8c917f772f075cc2529f1ebdbf

SHA-1:
8189eecff1d713d6a9d2058fe88916aa6878bc34

SHA-256:
b4324f19fc68b187c00580125e0de49253ad1f07ff19fa4ba83c76dd50051a98

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
8/8/2014 7:53:43 AM UTC  (eight months ago)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

Avira AntiVirus
APPL/BrowseFox.Gen2
7.11.147.26

Antiy Labs AVL
AdWare/Win32.Agent
2.0.3.7

avast!
Win32:PUP-gen [PUP]
2014.9-140808

AVG
BrowseFox.F
2015.0.3389

Baidu Antivirus
Adware.Win32.Agent
4.0.3.1488

Comodo Security
Application.Win32.Altbrowse.AK
17718

Dr.Web
Adware.Plugin.100
9.0.1.028

ESET NOD32
Win32/BrowseFox (variant)
8.9371

Fortinet FortiGate
Adware/Agent
1/28/2014

G Data
Win32.Application.BrowseFox
14.8.24

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.2.2.29

Jiangmin
Adware/Agent.jaw
KV140128

K7 AntiVirus
Unwanted-Program
13.177.11965

K7 Gateway Antivirus
Unwanted-Program
13.177.11965

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.4395

Kingsoft AntiVirus
Win32.Troj.Agent.ah.(kcloud)
331020.49267

Malwarebytes
PUP.Optional.SerialTrunc.A
v2014.02.02.10

McAfee
Artemis!2C925CBFBEFD
5600.7045

McAfee Web Gateway
Artemis!2C925CBFBEFD
7.7045

NANO AntiVirus
Riskware.Win32.Agent.cqvnby
0.28.0.57473

Quick Heal
AdWare.Agent.r5 (Not a Virus)
8.14.14.00

Reason Heuristics
Adware.Yontoo.BHO.O
14.8.8.3

Sophos
Generic PUA IB
4.97

SUPERAntiSpyware
Adware.BrowseFox/Variant
10435

Trend Micro House Call
TROJ_GEN.F47V0120
7.2.28

Vba32 AntiVirus
AdWare.Agent
3.12.24.3

VIPRE Antivirus
Yontoo
28844

Zillya! Antivirus
Adware.Agent.Win32.9039
2.0.0.1777

File size:
243.8 KB (249,632 bytes)

Product version:
1.0.0.1

Copyright:
(c) SerialTrunc. All rights reserved.

Original file name:
SerialTruncIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\serialtrunc\serialtruncbho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2014 4:00:00 PM

Valid to:
1/3/2015 3:59:59 PM

Subject:
CN=SerialTrunc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SerialTrunc, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
167D55FA84ED98E4D7F5933FEC5E95BA

File PE Metadata
Compilation timestamp:
1/7/2014 11:25:13 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:S7+AGDPFQEo75yrehClBDyf1e0EEnT+eTCIaIycgUPvngL92:S7+j27mebJZTduILRHgL92

Entry address:
0x12844

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 44, 68, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, DC, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.3690

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
SerialTrunc

CLSID:
{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}


The file serialtruncbho.dll has been discovered within the following programs.

SerialTrunc  by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
serialtrunc.com/support
79% remove it
 
Powered by Should I Remove It?