home

updatelookinglink.exe

lookinglink

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for lookinglink will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatelookinglink.exe by lookinglink has been detected as adware by 24 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update lookinglink”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
lookinglink  (signed and verified)

Version:
1.0.5336.5629

MD5:
0e26d5de5038d79d7c711bd1b1a2fbb2

SHA-1:
b37800b71a5504830d966982e22f8fa080fa6e4c

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/26/2024 8:07:28 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.SwiftBrowse.4
487

Agnitum Outpost
PUA.Kranet
7.1.1

AhnLab V3 Security
PUP/Win32.SwiftBrowse
2014.11.26

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.188.230

AVG
Lokilink
2016.0.2965

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15106

Bitdefender
Gen:Variant.Adware.SwiftBrowse.4
1.0.20.1395

Emsisoft Anti-Malware
Gen:Variant.Adware.SwiftBrowse
8.15.10.06.09

ESET NOD32
Win32/BrowseFox (variant)
9.10782

Fortinet FortiGate
Adware/Kranet
10/6/2015

F-Secure
Gen:Variant.Adware.SwiftBrowse.4
11.2015-06-10_3

G Data
Gen:Variant.Adware.SwiftBrowse
15.10.24

K7 AntiVirus
Unwanted-Program
13.185.14134

Kaspersky
not-a-virus:HEUR:AdWare.MSIL.Kranet
14.0.0.1318

Malwarebytes
PUP.Optional.Lookinglink.A
v2015.10.06.09

McAfee
BrowseFox.c
5600.6621

MicroWorld eScan
Gen:Variant.Adware.SwiftBrowse.4
16.0.0.837

NANO AntiVirus
Riskware.Win32.BrowseFox.dedfsk
0.28.6.63726

Panda Antivirus
Trj/Chgt.B
15.10.06.09

Quick Heal
AdWare.MSIL.r3 (Not a Virus)
10.15.14.00

Reason Heuristics
Adware.Yontoo.lookinglink (M)
15.10.6.9

Sophos
Generic PUA LD
4.98

Trend Micro House Call
Suspicious_GEN.F47V0813
7.2.279

VIPRE Antivirus
Yontoo
35142

File size:
315.8 KB (323,360 bytes)

Product version:
1.0.5336.5629

Original file name:
lookinglink.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\lookinglink\updatelookinglink.exe

Digital Signature
Signed by:
lookinglink

Authority:
VeriSign, Inc.

Valid from:
11/27/2013 1:00:00 AM

Valid to:
11/28/2014 12:59:59 AM

Subject:
CN=lookinglink, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=lookinglink, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3196DD72CC98341089CB73C9BA4B6429

File PE Metadata
Compilation timestamp:
8/11/2014 6:07:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:eMJfAzDOnrgQ7oltY7JeYd7fJkZfmkx22E9oE8AkEXbKNQBO:eMJfKg2fx22E9oExlWyO

Entry address:
0x4EBA6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D4, 02, 00, 80, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
307 KB (314,368 bytes)

Service
Display name:
Update lookinglink

Type:
Win32OwnProcess


Remove updatelookinglink.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.