home

SpringSmart.IEUpdate.dll

Spring Smart

This is the Internet Explorer add-on for the Yontoo Spring Smart branded web browser plugin (injects banner, text-link and popup ads). The component is responisble for registering the Browser Helper Object into IE and keeping it registered. The module SpringSmart.IEUpdate.dll by Spring Smart has been detected as adware by 9 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Spring Smart  (signed and verified)

Version:
1.0.5430.24286

MD5:
2a9ad7788f166d386c6bc806df1fa51b

SHA-1:
7992e13c64f71824bf3ab28b5ec73af1ec31d458

SHA-256:
38cf1aa7137d818aa012a9f5e6846f23b7d0e14b125ba40dbed2ec6594f5d5a2

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser add-on for Internet Explorer.

Analysis date:
4/26/2024 6:28:51 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/BrowseFox.Gen
7.11.188.128

AVG
Spmart
2015.0.3280

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.141124

F-Prot
W32/A-44ec90a9
v6.4.7.1.166

K7 AntiVirus
Adware
13.185.14120

Malwarebytes
PUP.Optional.Sanbreel.A
v2014.11.24.04

Reason Heuristics
Adware.Yontoo.SpringSmart.T
14.11.24.16

Sophos
Spring Smart
4.98

VIPRE Antivirus
Threat.4741131
35088

File size:
655.3 KB (671,016 bytes)

Product version:
1.0.5430.24286

Original file name:
SpringSmart.IEUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\spring smart\bin\plugins\springsmart.ieupdate.dll

Digital Signature
Signed by:
Spring Smart

Authority:
VeriSign, Inc.

Valid from:
8/21/2013 5:00:00 PM

Valid to:
8/22/2015 4:59:59 PM

Subject:
CN=Spring Smart, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Spring Smart, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D69FD87A1BCECDB8891F45F148E34E2

File PE Metadata
Compilation timestamp:
11/13/2014 1:29:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:ohAaR5JXs5l7UFt/KouzFtQmRcyfbVVAD7tnmGsvd0+XpDrg:oh/nJcAhKNe6QRmG00+5Drg

Entry address:
0xA397A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 70, 00, 00, 00, BC, 39, 0A, 00, BC, 1B, 0A, 00, 52, 53, 44, 53, 46, 69, F4, D2, 7F, 51, 4E, 42, B1, F6, 11, 03, CD, B8, AE, A5, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 6E, 79, 76, 35, 64, 62, 78, 62, 2E, 7A, 67, 6E, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 
[+]

Entropy:
7.8244

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
647 KB (662,528 bytes)

Remove SpringSmart.IEUpdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.