tealkitty.purbrowse.dll

Teal Kitty

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module tealkitty.purbrowse.dll by Teal Kitty has been detected as adware by 20 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or inserting new ones on various web pages.

Publisher:
Teal Kitty  (signed and verified)

Version:
1.0.5586.25178

MD5:
87bd1d35d539325df6582e107cccae20

SHA-1:
b9ef40e6d6a8ee608785f484c67db3e4dcabe604

SHA-256:
b6813f6257738c611c9bbdb52b5db7e3d8de8751b9548f27bc9fe6d440132056

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 10:24:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.BrowseFox.BZ | 5651644 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.04.19 |
| AVG | BrowseFox | 2016.0.3135 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.15419 |
| Bitdefender | Adware.BrowseFox.BZ | 1.0.20.545 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Yontoo.1734 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.BrowseFox.BZ | 9.0.0.4799 |
| ESET NOD32 | MSIL/BrowseFox.H potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-18d1a68a | v6.4.7.1.166 |
| F-Secure | Adware.BrowseFox.BZ | 5.13.68 |
| G Data | Adware.BrowseFox.BZ | 15.4.25 |
| IKARUS anti.virus | PUA.MSIL.BrowseFox | t3scan.1.8.9.0 |
| K7 AntiVirus | Adware | 13.202.15641 |
| Malwarebytes | | v2015.04.19.06 |
| MicroWorld eScan | Adware.BrowseFox.BZ | 16.0.0.327 |
| NANO AntiVirus | Riskware.Win32.BPlug.djpkri | 0.30.16.1110 |
| nProtect | Adware.BrowseFox.BZ | 15.04.17.01 |
| Quick Heal | Adware.Updater.A3 | 4.15.14.00 |
| Reason Heuristics | Adware.Yontoo.TealKitty | 15.4.19.2 |

File size:
1 MB (1,067,248 bytes)

Product version:
1.0.5586.25178

Original file name:
TealKitty.PurBrowse2015041821.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\teal kitty\bin\plugins\tealkitty.purbrowse.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/11/2015 1:00:00 AM

Valid to:
1/12/2016 12:59:59 AM

Subject:
CN=Teal Kitty, O=Teal Kitty, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
436637AA3101F57468AAB38795B34FD4

File PE Metadata
Compilation timestamp:
4/18/2015 11:59:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:n8KiijqtXb3VDLL5mjZbZ14tjIYI/dXbVW3BZY:8ltXb315mjritiVbVN

Entry address:
0x1047C2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00...
 

Entropy:
7.0094

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,058,816 bytes)
