home

updatelinkswift.exe

linkswift

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for linkswift will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatelinkswift.exe by linkswift has been detected as adware by 11 anti-malware scanners. This file is typically installed with the program Buzzdock by Alactro LLC which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
linkswift  (signed and verified)

Version:
1.0.5294.17890

MD5:
a2178bfbcd753e2f4fb8a8f0e6b16799

SHA-1:
d95b39bbbf51374579d7566ac5349af5959e6a65

SHA-256:
92cdfb59bad252be7b9b1c396465b3d89f0a6dcbb62c4b53d91e2e7cdda1ca21

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/26/2024 8:33:26 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.141126

ESET NOD32
Win32/BrowseFox (variant)
8.10055

Fortinet FortiGate
Adware/LinkSwift
11/26/2014

IKARUS anti.virus
AdWare.Win32.LinkSwift
t3scan.1.6.1.0

Kaspersky
not-a-virus:AdWare.Win32.LinkSwift
14.0.0.2887

Malwarebytes
PUP.Optional.LinkSwift.A
v2014.11.26.12

McAfee
Artemis!A2178BFBCD75
5600.6934

Reason Heuristics
Adware.Yontoo.linkswift.P
14.11.26.12

Sophos
Generic PUA NJ
4.98

Trend Micro House Call
Suspicious_GEN.F47V0703
7.2.330

VIPRE Antivirus
Yontoo
31046

File size:
311.3 KB (318,752 bytes)

Product version:
1.0.5294.17890

Original file name:
LinkSwift.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\linkswift\updatelinkswift.exe

Digital Signature
Signed by:
linkswift

Authority:
VeriSign, Inc.

Valid from:
8/11/2013 7:00:00 PM

Valid to:
8/12/2015 6:59:59 PM

Subject:
CN=linkswift, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=linkswift, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AD03D814D9E16358271D2CA8A94AB42

File PE Metadata
Compilation timestamp:
6/30/2014 5:56:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:6EOsBn8jKgx/5xlkDq5NDFgU2gjqC+C6ykdXub:6ZsBeKs5xvJ2kqZCO

Entry address:
0x4D8C2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0892

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
302.5 KB (309,760 bytes)

The file updatelinkswift.exe has been discovered within the following program.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.
www.buzzdock.com/faq-support
79% remove it
 
Powered by Should I Remove It?

Remove updatelinkswift.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.