unp49207177.tmp

Glomatron

Part of the Yontoo adware family, which injects unwanted advertisements into the web browser. The file unp49207177.tmp, published by Glomatron, has been detected as adware by 11 of 68 anti-malware scanners. Once installed it displays context-based advertisements on visited web pages by overwriting existing ads or by inserting new ones. Note that the PE metadata below (original file name StdLib.sys, native subsystem, built with the WinDDK) identifies this component as a 32-bit kernel-mode driver, and two engines (Comodo, Dr.Web) classify it as a NetFilter-type network filter, which is consistent with ad injection at the network layer rather than through a conventional browser extension. The .tmp name is the name the file was observed under on disk, not the name it was compiled with.
Publisher:
StdLib (signed by Glomatron)

Product:
StdLib

Version:
1.4.3.1 built by: WinDDK

MD5:
32ff078fb555e62c3a92c166b8528b7c

SHA-1:
5d046ea643f886cfa4e136349778630fb2481c24

SHA-256:
65ed909565333fbb0bf339c6632e96e6f6ee83feafdfdeb7c37cb9221dd07810

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 5:34:01 AM UTC

Scan engine              Detection                                 Engine version
Avira AntiVirus          Adware/BrowseFox.A.168                    7.11.173.134
AVG                      Consurf                                   2016.0.2970
Bitdefender              Adware.SwiftBrowse.N                      1.0.20.1370
Comodo Security          Application.Win32.RiskWare.NetFilter.D    19567
Dr.Web                   Tool.NetFilter.1 (hacktool program)       9.0.1.0274
MicroWorld eScan         Adware.SwiftBrowse.N                      16.0.0.822
nProtect                 Adware.SwiftBrowse.N                      14.05.30.01
Reason Heuristics        PUP.Yontoo.Glomatron (M)                  15.8.17.5
Trend Micro House Call   TROJ_GEN.F47V0529                         7.2.274
VIPRE Antivirus          Trojan.Win32.Generic                      29784

File size:
38.2 KB (39,104 bytes)

Product version:
1.4.3.1

Copyright:
Copyright © 2013 StdLib

Original file name:
StdLib.sys

Language:
English (United States)

Digital Signature
Signed by:
Glomatron (see Subject below)

Note: the certificate's validity window (2/4/2014 to 2/5/2015) covers the compilation timestamp (9/13/2014), so the file was signed while the certificate was current. A valid VeriSign Class 3 code-signing signature establishes only that the holder of the Glomatron key signed this driver; it says nothing about whether the code is benign, and it does not change the adware verdict above.
Authority:
VeriSign, Inc.

Valid from:
2/4/2014 4:00:00 AM

Valid to:
2/5/2015 3:59:59 AM

Subject:
CN=Glomatron, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Glomatron, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
69C9F9EB400285E909E4D59CB9FD1A45

File PE Metadata
Compilation timestamp:
9/13/2014 3:32:59 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:Pf5OQ5p9MZq9Vkh5z8tZfJm/6D1GqA+5+TFpEwXuK9a:Pf5H5pH+x8t1c/+Gd+5/4Ra

Entry address:
0x903E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 20, 80, FF, FF, CC, CC, 74, 91, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AE, 94, 00, 00, C0, 70, 00, 00, B4, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 95, 00, 00, 00, 70, 00, 00, EC, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 98, 00, 00, 38, 70, 00, 00, C4, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 98, 99, 00, 00, 10, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, 94, 00, 00, F0, 94, 00, 00, C8, 94...

The first 18 bytes decode to the standard hot-patchable MSVC driver entry stub: mov edi,edi; push ebp; mov ebp,esp; call rel32 (backwards, -0x43); pop ebp; jmp rel32 (backwards, -0x7FE0); int3; int3. This is the shape of the compiler-generated GsDriverEntry, which initialises the stack security cookie and then jumps to the real DriverEntry. The dump then runs past the end of the code into what appear to be 20-byte IMAGE_IMPORT_DESCRIPTOR entries (non-zero first and last DWORDs, zero TimeDateStamp and ForwarderChain), i.e. the import directory, so only the leading bytes are instructions.

Entropy:
6.6557

Code size:
24.5 KB (25,088 bytes)
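
The PE fields listed above (compile timestamp, OS version, bitness, subsystem, linker version, entry address, entry bytes, code size), together with the hashes and entropy, can be reproduced from a file with nothing but the Python standard library. The script below is an added example, not code from this page or from Reason Core Security: it parses the IMAGE_FILE_HEADER and PE32 optional header, computes the same fields, and diffs them against the values transcribed from this page. All function names are mine; the image it parses at the end is a constructed minimal PE32 whose header fields and entry stub copy the page's metadata, not the Glomatron sample, so the hash, size and entropy fields are expected to differ while the header-derived fields match.

```python
# Added example (not the page's or Reason Core Security's code): reproduce the
# triage fields listed above from a PE32 file with only the standard library and
# diff them against the page. The PE built in build_sample_pe() is a constructed
# stand-in for the real file; PAGE_VALUES is transcribed from this page.
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEM = {1: "Native (none required)", 2: "Windows GUI", 3: "Windows CUI"}
MACHINE = {0x14C: "Win32", 0x8664: "Win64"}

PAGE_VALUES = {  # transcribed from this page
    "md5": "32ff078fb555e62c3a92c166b8528b7c",
    "sha1": "5d046ea643f886cfa4e136349778630fb2481c24",
    "sha256": "65ed909565333fbb0bf339c6632e96e6f6ee83feafdfdeb7c37cb9221dd07810",
    "size": 39104, "code_size": 25088, "entropy": 6.6557,
    "compile_time": "2014-09-13 03:32:59 UTC", "os_version": "6.1", "bitness": "Win32",
    "subsystem": "Native (none required)", "linker": "9.0", "entry_rva": 0x903E,
    "entry_bytes": "8b ff 55 8b ec e8 bd ff ff ff 5d e9 20 80 ff ff",
}


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed/encrypted payloads sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def rva_to_offset(rva: int, sections: list) -> int:
    # sections hold (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    for vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe32(data: bytes) -> dict:
    """Read the IMAGE_FILE_HEADER and PE32 optional-header fields shown on this page."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER32
    magic, lmaj, lmin, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Section headers (40 bytes each) follow the optional header; VirtualSize is at +8.
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        **file_hashes(data),
        "size": len(data),
        "code_size": code_size,
        "entropy": round(shannon_entropy(data), 4),
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": MACHINE.get(machine, f"{machine:#x}"),
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "linker": f"{lmaj}.{lmin}",
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16].hex(" "),
    }


def diff_against_page(report: dict, expected: dict = PAGE_VALUES) -> dict:
    """Fields where the parsed file disagrees with the page, as {field: (got, expected)}."""
    return {k: (report.get(k), v) for k, v in expected.items() if report.get(k) != v}


def build_sample_pe() -> bytes:
    """Constructed one-section PE32 image (not the real file): header fields copy the page's
    metadata and the entry stub copies the MSVC driver prologue shown above."""
    ts = int(datetime(2014, 9, 13, 3, 32, 59, tzinfo=timezone.utc).timestamp())
    text = bytes.fromhex("8bff558bece8bdffffff5de92080ffffcccc").ljust(0x200, b"\0")
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)           # i386, 1 section
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 9, 0, len(text), 0, 0,          # PE32, linker 9.0
                      0x1000, 0x1000, 0x2000, 0x10000, 0x1000, 0x200)         # entry RVA 0x1000
    opt += struct.pack("<HHHHHHIIIIHH", 6, 1, 0, 0, 6, 1, 0, 0x2000, 0x200, 0, 1, 0)  # OS 6.1, native
    opt += struct.pack("<IIIIII", 0x40000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    sec = (b".text\0\0\0" + struct.pack("<IIII", len(text), 0x1000, len(text), 0x200)
           + b"\0" * 12 + struct.pack("<I", 0x60000020))
    return (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0") + text


if __name__ == "__main__":
    report = parse_pe32(build_sample_pe())
    for key, value in report.items():
        print(f"{key:>13}: {value}")
    print("differs from page:", sorted(diff_against_page(report)))
```

To check a real file, replace build_sample_pe() with open(path, "rb").read(); an empty diff_against_page() result means every field on this page, hashes included, matches the file in hand. The ssdeep hash is not reproduced because the standard library has no CTPH implementation.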

Powered by Reason Core Security