updatekrabweb.exe

Krab Web

Part of the Yontoo web browser plugin (which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc.), the updater mechanism for Krab Web automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updatekrabweb.exe by Krab Web has been detected as adware by 5 anti-malware scanners. It runs as a Windows service named “Update Krab Web” in its own process. Additionally, the file is typically installed by a number of programs, including Krab Web by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Krab Web  (signed and verified)

Version:
1.0.5401.5572

MD5:
212550b0d6ab64ec422457775b78a2e9

SHA-1:
58bc79c4c2291dc66b8cee24dd15c54ec10ae9c0

SHA-256:
152e3be0fa1520acd9af660ce4621decf99cef577f77b361cc7bbde386b2a7fa

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/25/2024 1:08:46 PM UTC

Scan engine        Detection                  Engine version
AVG                Generic                    2015.0.3316
Baidu Antivirus    Adware.MSIL.BrowseFox      4.0.3.141019
ESET NOD32         MSIL/BrowseFox (variant)   8.10587
Malwarebytes       PUP.Optional.KrabWeb.A     v2014.10.19.04
Reason Heuristics  Adware.Yontoo.Service.N    14.10.19.16

File size:
509.7 KB (521,968 bytes)

Product version:
1.0.5401.5572

Original file name:
KrabWeb.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\krab web\updatekrabweb.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/6/2014 6:00:00 PM

Valid to:
10/7/2015 5:59:59 PM

Subject:
CN=Krab Web, O=Krab Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7267FFF9DE9B65FB24D2CA9CB6A3E8F9

File PE Metadata
Compilation timestamp:
10/15/2014 5:05:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:3z5prfZHq+grg06nryEcpOPpkf2/bhtY5e2t5CE6zQY7f/x2O0vmCVVS7NIC4ztI:3z5df8404capva0x2N/S7c3YKAkKb

Entry address:
0x7F34E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 5A, 00, 00, 00, 90, F3, 07, 00, 90, D5, 07, 00, 52, 53, 44, 53, 60, A3, DA, BE, 80, 56, 6F, 4B, 85, AC, 5A, C5, E8, 26, 0C, 02, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 77, 31, 70, 65, 66, 61, 6F, 71, 2E, 6E, 31, 73, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 

Entropy:
5.9238

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
501 KB (513,024 bytes)

Service
Display name:
Update Krab Web

Type:
Win32OwnProcess


The file updatekrabweb.exe has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
Krab Web  by Yontoo Technology, Inc.
Krab Web is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, context text-links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
krabweb.net/support
81% remove it
 