» updateblindbat.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

updateblindbat.exe

blindbat

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for blindbat will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updateblindbat.exe by blindbat has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Update blindbat”. This file is typically installed with the program blindbat by Yontoo Technology, Inc. which is a potentially unwanted software program.

File name:

updateblindbat.exe

Publisher:

blindbat (signed and verified)

Version:

1.0.5149.8939

MD5:

32f927aa506cf814609f91dc0278ae55

SHA-1:

3ff3186b320549c339af5b27321e93a89258db70

SHA-256:

42e6412b688782937b1bb965ffc41ca7c0907806f082b771ab0b2e8d31f17417

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

5/8/2024 3:07:11 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.blindbat (M)

15.12.15.4

File size:

78.3 KB (80,152 bytes)

Product version:

1.0.5149.8939

Original file name:

blindbat.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\blindbat\updateblindbat.exe

Digital Signature

Signed by:

blindbat

Authority:

VeriSign, Inc.

Valid from:

11/26/2013 5:00:00 PM

Valid to:

11/27/2014 4:59:59 PM

Subject:

CN=blindbat, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=blindbat, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0B7F97173CD91AC680AED809CA9B3B59

File PE Metadata

Compilation timestamp:

2/4/2014 9:58:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:ozyt9SczqBXrei/jYVBdday4kV8DBcMey94Kq6qCEk2bR+xLHECS:r9VQ7/jYVvd1Q6MJ4KRqCERbkRE5

Entry address:

0x1357A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1581

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

69.5 KB (71,168 bytes)

Service

Display name:

Update blindbat

Type:

Win32OwnProcess

The file updateblindbat.exe has been discovered within the following program.

blindbat by Yontoo Technology, Inc.

This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.

blindbat.info/support

80% remove it

Remove updateblindbat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.