» updategreenerweb.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

updategreenerweb.exe

Greener Web

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for Greener Web will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updategreenerweb.exe by Greener Web has been detected as adware by 16 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update Greener Web”. This file is typically installed with the program Greener Web by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

Greener Web (signed and verified)

Version:

1.0.5318.36967

MD5:

95b6307b646d16c3172437c718e080f0

SHA-1:

1d3652cdc4fd766d23a227b0bef93c13433ff5c8

SHA-256:

03bbde684d80c7340742966b6359b4b0ac209c23de55e068ac352a23bf906690

Scanner detections:

16 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

4/24/2024 10:42:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.SwiftBrowse.AM

925

AVG

Greenerweb

2015.0.3403

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14725

Bitdefender

Adware.SwiftBrowse.AM

1.0.20.1030

Emsisoft Anti-Malware

Adware.SwiftBrowse.AM

8.14.07.25.11

ESET NOD32

Win32/BrowseFox.H potentially unwanted application

7.0.302.0

F-Secure

Adware.SwiftBrowse.AM

11.2014-25-07_6

G Data

Adware.SwiftBrowse.AM

14.7.24

IKARUS anti.virus

PUA.BrowseFox

t3scan.1.6.1.0

Kaspersky

not-a-virus:RiskTool.Win32.Agent

15.0.0.494

Malwarebytes

PUP.Optional.GreenerWeb.A

v2014.07.25.11

MicroWorld eScan

Adware.SwiftBrowse.AM

15.0.0.618

nProtect

Adware.SwiftBrowse.AM

14.07.25.01

Panda Antivirus

Trj/CI.A

14.07.25.11

Qihoo 360 Security

Win32/Virus.RiskTool.c91

1.0.0.1015

Reason Heuristics

PUP.GreenerWeb.Q

14.7.25.11

File size:

314.3 KB (321,824 bytes)

Product version:

1.0.5318.36967

Original file name:

GreenerWeb.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\greener web\updategreenerweb.exe

Digital Signature

Signed by:

Greener Web

Authority:

VeriSign, Inc.

Valid from:

4/21/2014 9:00:00 PM

Valid to:

4/22/2015 8:59:59 PM

Subject:

CN=Greener Web, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Greener Web, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5AE1591EB6D76718ADCE211DFB4D195B

File PE Metadata

Compilation timestamp:

7/24/2014 6:32:30 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:pX6Bn8YjeHS7TPkD2vGQcBB/TMs7lUSPEJbsapbm3fN:pX6BNjV7TZ8xOcEhc3fN

Entry address:

0x4E5B6

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

305.5 KB (312,832 bytes)

Service

Display name:

Update Greener Web

Type:

Win32OwnProcess

The file updategreenerweb.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Greener Web by Yontoo Technology, Inc.

This adware software (a branded version of the morphing Yontoo adware browser addon) injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of context advertising on web sites that are not associated with Yontoo or its affiliate partners.

greenerweb.info/support

80% remove it

Remove updategreenerweb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.