home

sourceapp.gcupdate.dll

Source App

This is the Google Chrome extension manager/updater for the Yontoo Source App branded web browser plugin which injects banners, text-link and popup ads in the Chorme browser. The module sourceapp.gcupdate.dll by Source App has been detected as adware by 7 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Source App  (signed and verified)

Version:
1.0.5440.38729

MD5:
7f066d04a9bc3048b6d74b4e3ca21bc0

SHA-1:
1fa191314a9d3d26ba2189ae5103db2357b436cb

SHA-256:
df0689ac3669f9c94357f47faa3acc5b1517fe5b40ac9d1112486f5804676a3d

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser extension for Chrome.

Analysis date:
4/19/2024 10:00:09 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.197.30

AVG
Generic
2015.0.3253

Dr.Web
Trojan.Yontoo.115
9.0.1.05190

ESET NOD32
MSIL/BrowseFox.G potentially unwanted application
7.0.302.0

F-Prot
W32/S-9dfc5fe7
v6.4.7.1.166

IKARUS anti.virus
PUA.MSIL.BrowseFox
t3scan.1.8.5.0

Reason Heuristics
PUP.SourceApp.R
14.12.22.6

File size:
1.4 MB (1,497,840 bytes)

Product version:
1.0.5440.38729

Original file name:
SourceApp.GCUpdate2014112405.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\sourceapp\bin\plugins\sourceapp.gcupdate.dll

Digital Signature
Signed by:
Source App

Authority:
VeriSign, Inc.

Valid from:
10/16/2014 1:00:00 AM

Valid to:
10/17/2015 12:59:59 AM

Subject:
CN=Source App, O=Source App, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5436973D688F7AF7E3F875CD8B463EDD

File PE Metadata
Compilation timestamp:
11/24/2014 5:30:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:UORElZfbyNdnNA2Mu+pS0+M3tb0pvaep5ZmllsQUfIKKuZAP2JRM2DlQMFmurjau:qlTu/0J3tCieDI/sQxKbZ7QMFmurf

Entry address:
0x16D8CE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.4 MB (1,489,408 bytes)

Remove sourceapp.gcupdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.