» updatefortunitas.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

updatefortunitas.exe

Fortunitas

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for Fortunitas will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatefortunitas.exe by Fortunitas has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Update Fortunitas”. This file is typically installed with the program Fortunitas by Yontoo Technology, Inc. which is a potentially unwanted software program.

File name:

Publisher:

Fortunitas (signed and verified)

Version:

1.0.5329.27197

MD5:

a8804dada310f54e3c9f4a079a17c274

SHA-1:

7cba5acdb82505cae8c3574070e5a6eb23d48982

SHA-256:

5f1d077d300b477de83dfdc207e1f63c0900015b54050f92ed8c291ab29004ea

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

4/27/2024 12:23:50 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.Fortunitas (M)

16.2.12.2

File size:

315.8 KB (323,360 bytes)

Product version:

1.0.5329.27197

Original file name:

Fortunitas.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\fortunitas\updatefortunitas.exe

Digital Signature

Signed by:

Fortunitas

Authority:

VeriSign, Inc.

Valid from:

11/27/2013 1:00:00 AM

Valid to:

11/28/2014 12:59:59 AM

Subject:

CN=Fortunitas, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Fortunitas, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2F2F8BE6BBAEA40C49A9E24B7BE035FB

File PE Metadata

Compilation timestamp:

8/4/2014 6:06:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:ksIfAzolCmSb75vY76DYd7KrkbRk/L0ujMAqO2TTOigQKo37LwXWXbtMpt:ksIfZgBdLLjMcGJ8t

Entry address:

0x4EBB6

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

307 KB (314,368 bytes)

Service

Display name:

Update Fortunitas

Type:

Win32OwnProcess

The file updatefortunitas.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Fortunitas by Yontoo Technology, Inc.

Fortunitas is a potentially unwanted web browser extension that is ad-supported and will display various popup and banner ads as well as modify the user's web browser search and home page settings.

fortunitas.net/support

81% remove it

Remove updatefortunitas.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.