updateclearthink.exe

ClearThink

Part of the Yontoo web browser plugin, which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc. The updater mechanism for ClearThink automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updateclearthink.exe by ClearThink has been detected as adware by 25 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update ClearThink”. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ClearThink  (signed and verified)

Version:
1.0.5506.15122

MD5:
c00fb6d72fcffd9ae9b3f9288c99a7c2

SHA-1:
f921f5395010aa0140c7f61847a7d51a1eae888c

SHA-256:
fd4456dbdbb41e5b29cccfe39f5286ca5e1f99a18fcaa3296d7f7e2d55a0e2be

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/26/2024 4:16:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CN | 651 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.03.23 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.219.36 |
| avast! | Win32:BrowseFox-ET [PUP] | 2014.9-150425 |
| AVG | Generic | 2016.0.3129 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.15425 |
| Bitdefender | Adware.SwiftBrowse.CN | 1.0.20.575 |
| Dr.Web | Trojan.Yontoo.1742 | 9.0.1.0115 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CN | 8.15.04.25.03 |
| ESET NOD32 | MSIL/BrowseFox.H potentially unwanted (variant) | 9.11361 |
| Fortinet FortiGate | Adware/BrowseFox | 4/25/2015 |
| F-Prot | W32/S-26365c9e | v6.4.7.1.166 |
| F-Secure | Adware.SwiftBrowse.CN | 11.2015-25-04_7 |
| G Data | Adware.SwiftBrowse.CN | 15.4.25 |
| K7 AntiVirus | Adware | 13.202.15341 |
| McAfee | BrowseFox-FTQ | 5600.6785 |
| MicroWorld eScan | Adware.SwiftBrowse.CN | 16.0.0.345 |
| NANO AntiVirus | Trojan.Win32.Yontoo.dnpbwx | 0.30.8.659 |
| nProtect | Adware.SwiftBrowse.CN | 15.03.20.01 |
| Qihoo 360 Security | Win32/Virus.Adware.708 | 1.0.0.1015 |
| Reason Heuristics | Threat.Yontoo.ClearThink | 15.4.24.23 |
| Sophos | Generic PUA PJ | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0EBC15 | 7.2.115 |
| Trend Micro | TROJ_GEN.R047C0EBC15 | 10.465.25 |
| VIPRE Antivirus | Yontoo | 38682 |

File size:
649.2 KB (664,816 bytes)

Product version:
1.0.5506.15122

Original file name:
ClearThink2015012816.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\clearthink\updateclearthink.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/8/2014 7:00:00 PM

Valid to:
8/5/2015 6:59:59 PM

Subject:
CN=ClearThink, O=ClearThink, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59B72B1DB71CE323997B1EAF80E12AAE

File PE Metadata
Compilation timestamp:
1/28/2015 11:24:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:64I3d+cH1o4nJ888322MU6IohNylpQDWf4PVjdktRvNiDhPjl1Vw:6Z3ocVo4J8o3PMwjdgRvEQ

Entry address:
0xA1FE6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.9604

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
640.5 KB (655,872 bytes)

Service
Display name:
Update ClearThink

Type:
Win32OwnProcess

